To: Web Site
Subject: ValidateAt parameter is effectively only client side (was: re[2]:
[ACFUG Discuss] Password CFinput regular expression - throws alert/error
after correction also)
: IIRC cfinput will always use a hidden form field on the client to
: force server side validation.
Dean
[mailto:ad...@acfug.org] On Behalf Of Mischa
Uppelschoten ext 10
Sent: Monday, March 09, 2009 3:05 PM
To: Web Site
Subject: ValidateAt parameter is effectively only client side (was:
re[2]:
[ACFUG Discuss] Password CFinput regular expression - throws alert/
error
after correction also)
: IIRC cfinput
client side (was: re[2]:
: [ACFUG Discuss] Password CFinput regular expression - throws alert/error
: after correction also)
: : IIRC cfinput will always use a hidden form field on the client to
: : force server side validation.
: Dean is right:
: cfif isdefined(form)
: cfdump var=#form# show
is effectively only client side
(was: re[2]:
: [ACFUG Discuss] Password CFinput regular expression - throws alert/
error
: after correction also)
: : IIRC cfinput will always use a hidden form field on the client to
: : force server side validation.
: Dean is right:
: cfif isdefined(form)
: cfdump
: Yes. Look at how its done by Struts and the Apache Commons Validator
: platform.
Unless I'm misunderstanding, in Struts you have to include the validation
routine in the action page, which is not really what I was after.
-
To
No, Struts uses Apache Commons under the covers. You simply declare
your validations in a deployment descriptor and they are automatically
applied at runtime by reflection.
-dhs
Dean H. Saxe, CISSP, CEH
d...@fullfrontalnerdity.com
What difference does it make to the dead, the orphans,
Hi there,
I have this code which checks if password is strong i.e. atleast 8
characters long, consiting of one Upper case and one Lower case and one
Number.and if not alerts the user about it. I am using a regular expression
to do this as u can see from code below. The problem is that once the
down their
passwords.
_
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Ajas Mohammed
Sent: Monday, March 09, 2009 10:28 AM
To: discussion@acfug.org
Subject: [ACFUG Discuss] Password CFinput regular expression - throws
alert/error after correction also
Hi there,
I have
Ajas,
IIRC cfinput will always use a hidden form field on the client to
force server side validation. If that's still the case (again, I
believe it is) this can be easily bypassed. (No, that doesn't solve
your issue, but it moves the problem elsewhere.)
-dhs
Dean H. Saxe, CISSP, CEH
, 2009 10:28 AM
To: discussion@acfug.org
Subject: [ACFUG Discuss] Password CFinput regular expression -
throws alert/error after correction also
Hi there,
I have this code which checks if password is strong i.e. atleast 8
characters long, consiting of one Upper case and one Lower case and
one
To: discussion@acfug.org
Subject: [ACFUG Discuss] Password CFinput regular expression - throws
alert/error after correction also
Hi there,
I have this code which checks if password is strong i.e. atleast 8
characters long, consiting of one Upper case and one Lower case and
one Number.and
On Mon, Mar 9, 2009 at 12:08 PM, Shane studio...@gmail.com wrote:
I just brought up the point because I have seen more than one website,
including my bank, that forces an extended char set but limits the password
length to a MAX of 8 characters. Yeesh.
Yes, during my last password change
Message-
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H.
Saxe
Sent: Monday, March 09, 2009 10:54 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Password CFinput regular expression -
throws
alert/error after correction also
I'm not sure I totally agree with you
...@acfug.org] On Behalf Of Dean H. Saxe
Sent: Monday, March 09, 2009 11:35 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Password CFinput regular expression - throws
alert/error after correction also
That policy wouldn't fly in the real world for most apps. And if you go
that far... I'd
: Monday, March 09, 2009 11:19 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Password CFinput regular expression - throws
alert/error after correction also
On Mon, Mar 9, 2009 at 12:08 PM, Shane studio...@gmail.com wrote:
I just brought up the point because I have seen more than one
-
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
Sent: Monday, March 09, 2009 11:35 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Password CFinput regular expression - throws
alert/error after correction also
That policy wouldn't fly in the real world
.
-Original Message-
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dean H. Saxe
Sent: Monday, March 09, 2009 11:35 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Password CFinput regular expression - throws
alert/error after correction also
That policy wouldn't fly
On Mon, Mar 9, 2009 at 12:55 PM, Ajas Mohammed ajash...@gmail.com wrote:
Thanks guys, but again, does anyone know why CF Validation doesnt see that
user has altered text in password box and it needs to run validation again
for new input?
We hijacked your thread Ajas! :)
For my part, I'm not
*To:* discussion@acfug.org
*Subject:* Re: [ACFUG Discuss] Password CFinput regular expression -
throws alert/error after correction also
Thanks guys, but again, does anyone know why CF Validation doesnt see
that user has altered text in password box and it needs to run validation
again for new
:* Re: [ACFUG Discuss] Password CFinput regular expression -
throws alert/error after correction also
Thanks guys, but again, does anyone know why CF Validation doesnt see
that user has altered text in password box and it needs to run validation
again for new input?
Ajas Mohammed /
http
...@acfug.org [mailto:ad...@acfug.org] *On Behalf Of *Ajas
Mohammed
*Sent:* Monday, March 09, 2009 11:56 AM
*To:* discussion@acfug.org
*Subject:* Re: [ACFUG Discuss] Password CFinput regular expression -
throws alert/error after correction also
Thanks guys, but again, does anyone know why
: IIRC cfinput will always use a hidden form field on the client to
: force server side validation.
Dean is right:
cfif isdefined(form)
cfdump var=#form# show=MyNumber
/cfif
cfform name=cfformtest
cfinput type=Text validate=integer validateat=OnServer name=MyNumber
cfinput type=Submit
Ajas,
You might want to try doing a web searching:
http://blog.stevenlevithan.com/archives/regex-lookahead-bug
I found this within two searches that may give you some insight that IE and
the RegEx engine have some issues and the example above addresses a password
RegEx specifically.
Teddy
Thanks Teddy,
Appreciate it.
Sorry, but I was so under so much pressure, that I didn't think of
searching even once.
Thanks again.
Ajas Mohammed /
http://ajashadi.blogspot.com
We cannot become what we need to be, remaining what we are.
No matter what, find a way. Because thats what winners
Not a problem, Ajas. It happens and it will probably happen again to any
one of us.
Happy Coding,
T
...@acfug.org [mailto:ad...@acfug.org] *On Behalf Of *Ajas
Mohammed
*Sent:* Monday, March 09, 2009 11:56 AM
*To:* discussion@acfug.org
*Subject:* Re: [ACFUG Discuss] Password CFinput regular expression -
throws alert/error after correction also
Thanks guys, but again, does anyone know why CF
added in CF 7)
will keep the value entered from one submission to the next, FWIW.
/charlie
From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Ajas Mohammed
Sent: Monday, March 09, 2009 11:28 AM
To: discussion@acfug.org
Subject: [ACFUG Discuss] Password CFinput regular expression
expression - throws
alert/error after correction also
Hi there,
I have this code which checks if password is strong i.e. atleast 8
characters long, consiting of one Upper case and one Lower case and one
Number.and if not alerts the user about it. I am using a regular expression
to do
28 matches
Mail list logo
