Well, if your validator doesn't approve the entered password your form
will never accept the submit.
There's no way to bypass the validation.
I'd prefer to check a password in onSubmit() though - but YMMW.
Sven
Sergey Podatelev schrieb:
Hello,
I'm wondering, how safe is it to use a custom validator to check current
password of the logged-in user, when he wants to change his password (say,
on a profile page)?
Are there are any potential security issues that can allow user to pass a
validation?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
