DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23652>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23652 Password validation revealed in javascript Summary: Password validation revealed in javascript Product: Commons Version: 1.1.1 Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: Other Component: Validator AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] The javascript does not validate password fields for security reasons; however, any rules defined on a password field still show up in the javascript (they're just not used). The min/max length and mask properties reveal sensitive information about the server-side password validation structure. The best solution at this time is to not use validator to check password fields at all but we need a better solution in the long run. See bug# 12473 for other details. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
