[ http://issues.apache.org/jira/browse/VALIDATOR-151?page=all ]
Niall Pemberton updated VALIDATOR-151:
--------------------------------------
Component/s: Routines
> [validator] Password validation revealed in javascript
> ------------------------------------------------------
>
> Key: VALIDATOR-151
> URL: http://issues.apache.org/jira/browse/VALIDATOR-151
> Project: Commons Validator
> Issue Type: Improvement
> Components: Routines
> Affects Versions: 1.1.1 (alpha)
> Environment: Operating System: other
> Platform: Other
> Reporter: David Graham
> Priority: Minor
>
> The javascript does not validate password fields for security reasons;
> however,
> any rules defined on a password field still show up in the javascript
> (they're
> just not used). The min/max length and mask properties reveal sensitive
> information about the server-side password validation structure. The best
> solution at this time is to not use validator to check password fields at all
> but we need a better solution in the long run.
> See bug# 12473 for other details.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
