wicket validators have been designed to work up to 90% of the time. there is a heuristic that determines when the validator should stop the form from submitting and when not. we find that validators that work 100% of the time are just not as useful.
-igor On Fri, Jun 6, 2008 at 10:35 AM, Sergey Podatelev <[EMAIL PROTECTED]> wrote: > Hello, > > I'm wondering, how safe is it to use a custom validator to check current > password of the logged-in user, when he wants to change his password (say, > on a profile page)? > Are there are any potential security issues that can allow user to pass a > validation? > > -- > sp > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
