Why not just @Persist the password value in the session, only overwriting the value if the user submits something? That way the value gets kept but at the same time the clientside doesn't have the plaintext password.
Thiago H. de Paula Figueiredo wrote: > Em Tue, 02 Sep 2008 16:57:19 -0300, Martijn Brinkers > <[EMAIL PROTECTED]> escreveu: >> really distrust applications that do not hash passwords. The mentioned >> problem can be solved my making a distinction between adding a new user >> (which requires a password) and editing a user (allow blank password >> indicating that the password should not be changed). > > It would be really nice if PasswordField did not set the corresponding > property value nor validate it when the the user leaves the field empty. > I think it would solve all (or almost all) the issues listed in this > thread. > > Thiago > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
