Kirk Strauser wrote:
> Now, I'd like to change it to either show no asterisks or a set number of
> asterisks (probably by generating an unlikely password and then checking for
> that value later) so that the passwords aren't updated unless the user
> actually types something in there, and so that the unencrypted password isn't
> sent to the user in the "value" attribute of the "<input type="password">"
> field. I'm pretty certain I'm not the first person to want to do this, so how
> do others do this idiomatically?

I usually do not pre-fill password fields at all with the current value and only change the password if the user fills in anything at all. The password field is usually part of a larger form to change the user profile.

Empty passwords aren't allowed and I usually have additional restrictions for enhancing password quality (like min number of chars, required special chars, etc.)

Here's a validator which checks for several password security vectors:

http://paste.turbogears.org/paste/10001

I use it like so:

    class MySchema(validators.Schema):
        ...
        # add not_empty=True if the password must be filled in
        # to both password fields
        password = SecurePassword(max=40)
        password2 = validators.UnicodeString(max=40)
        group = ValidGroup()
        chained_validators = [
            validators.FieldsMatch('password', 'password2')]

Chris
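
The approach described in the reply above, as an added example that is not part of the original message or of TurboGears: the password inputs are always rendered empty, and the stored password changes only when the user typed something that passes validation. `password_errors` is a hypothetical stand-in for the quality rules (not the `SecurePassword` validator), and `MIN_LEN`, the `display_name` field and the PBKDF2 storage format are assumptions.

```python
import hashlib
import hmac
import os

MIN_LEN, MAX_LEN = 8, 40  # MIN_LEN is an assumed policy value; 40 matches max=40 above


def password_errors(password, password2):
    """Hypothetical quality rules: fields match, length bounds, one special char."""
    errors = []
    if password != password2:
        errors.append("passwords do not match")
    if not MIN_LEN <= len(password) <= MAX_LEN:
        errors.append("length must be %d-%d characters" % (MIN_LEN, MAX_LEN))
    if password.isalnum():
        errors.append("needs at least one special character")
    return errors


def hash_password(password, salt=None):
    """Assumed storage format: 16-byte random salt followed by PBKDF2-SHA256 digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt + digest


def verify_password(stored, password):
    salt, digest = stored[:16], stored[16:]
    return hmac.compare_digest(hash_password(password, salt)[16:], digest)


def update_profile(user, form):
    """Apply a submitted profile form; return a list of errors (empty on success)."""
    password = form.get("password", "")
    password2 = form.get("password2", "")
    # Both fields blank means "keep the current password", so validation is skipped.
    errors = password_errors(password, password2) if (password or password2) else []
    if errors:
        return errors  # nothing is modified when validation fails
    user["display_name"] = form.get("display_name", user["display_name"])
    if password:
        user["password_hash"] = hash_password(password)
    return []


def render_password_inputs():
    """Fields carry no value attribute, so no stored secret is sent to the browser."""
    return ('<input type="password" name="password" autocomplete="new-password">\n'
            '<input type="password" name="password2" autocomplete="new-password">')
```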

