I agree with the security risk, but since passwords will only be able to be set by Administrators (after they've logged in) security is not much of a concern. Also, we'll have to display what the password rules are in order for a person (admin) to comply with them.
I didn't realize it (been heads down all day), but it looks like I've gotten some suggestions from posting this same question on my website (http://tinyurl.com/8urg). Matt > -----Original Message----- > From: David Graham [mailto:[EMAIL PROTECTED] > Sent: Friday, April 04, 2003 4:00 PM > To: [EMAIL PROTECTED] > Subject: Re: Password rules with the Validator? > > > Validating passwords in javascript is a *very* bad idea. A > hacker then has > access to all your password rules and makes it easier to > start guessing > passwords. This is the reason validator doesn't provide a password > validation. > > David > > > > >From: "Raible, Matt" <[EMAIL PROTECTED]> > >Reply-To: "Struts Users Mailing List" > <[EMAIL PROTECTED]> > >To: "'[EMAIL PROTECTED]'" > <[EMAIL PROTECTED]> > >Subject: Password rules with the Validator? > >Date: Fri, 4 Apr 2003 15:56:57 -0700 > > > >Does anyone know of any open source packages or techniques > for implementing > >password rules. For instance, I need to implement the > following rules for > >password in my application: > > > >Passwords must be made up of at least three (3) of the four > (4) following > >classes of characters: Lowercase letters, Uppercase letters, Numbers, > >Special > >Characters. > > > >I can probably whip up some JavaScript for this, but I'd > need server-side > >code to catch if JavaScript is disabled. I'm guessing this > is not possible > >with regular expressions in the Validator. > > > >Thanks, > > > >Matt > > > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > _________________________________________________________________ > The new MSN 8: advanced junk mail protection and 2 months FREE* > http://join.msn.com/?page=features/junkmail > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
