#831: Add form validation for identity_from_login
--------------------------------+-------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: anonymous
Type: enhancement | Status: new
Priority: normal | Milestone: 1.0b1
Component: Identity | Version: 0.9a5
Severity: normal | Resolution:
Keywords: |
--------------------------------+-------------------------------------------
Comment (by godoy):
I dunno... I prefer doing that on my own code, using some mean to also
verify how strong / weak is the password. There are lots of JavaScript
functions available. After all, having a minimum of 8 chars and accepting
"12345678" or "abcdefgh" or even "aaaaaaaa" is not better than accepting a
minimum of four and using "@!çã"...
And I *always* loved sites that demand a minimum of "n" digits but doesn't
say that in the login form -- they already said that in the registration
form or invitation or welcome message... -- so that somebody doesn't have
a clue on how many chars they should start attacking passwords and
usernames.
The minimum that is said about password length, valid usernames, etc. the
better.
GMail, for example, just says "Username and password do not match. (You
provided jgodoy)". Orkut, one of the most used web applications today,
also have the same message and doesn't provide the username I tried
logging in with. So, the "requisite for a web app" doesn't seem to apply.
Yahoo! Groups and MSN do almost the same here, again contradicting your
requisites.
One must clearly separate login interface from user creation interface,
password setting interface, etc.
I also have a hidden div with a help message explaining some details --
not too much -- labeled "Help" on all of my forms, including the login
form. This might also be a better solution to the problem.
I always tell people to not trying to solve user
education/conscientization problems with technical workarounds. It will
fail sometime and users will be deceived because they weren't told how to
do it the right way before.
--
Ticket URL: <http://trac.turbogears.org/turbogears/ticket/831>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Tickets" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/turbogears-tickets
-~----------~----~----~----~------~----~------~--~---
