Hello, I'm wondering, how safe is it to use a custom validator to check current password of the logged-in user, when he wants to change his password (say, on a profile page)? Are there are any potential security issues that can allow user to pass a validation?
-- sp