Either way the framework shouldn't throw an unhandled exception when the
user doesn't have a password. There is the question of whether the
application should assume database integrity or not. The framework should
disallow the login if a password isn't available. Although many systems
allow null passwords. It seems authentication should be a policy of the
application not the framework, but stabilizing the framework is more
important than adding features at this point.
~christopher
----- Original Message -----
From: jon * <[EMAIL PROTECTED]>
To: Turbine <[EMAIL PROTECTED]>
Sent: Tuesday, February 15, 2000 10:21 AM
Subject: Re: Bug in validateUser
> on 2/15/00 9:22 AM, John McNally <[EMAIL PROTECTED]> wrote:
>
> > So we should specify the password field as NOT NULL in our schemas? (I'm
> > assuming yes, but waiting to hear a reason not to.)
>
> Yes, we should specify it as NOT NULL.
>
> -jon
>
> --
> Come to the first official Apache Software Foundation
> Conference! <http://ApacheCon.Com/>
>
>
>
>
> ------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Problems?: [EMAIL PROTECTED]
>
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
