As I wrote, it's just my personal taste how I would do it:
For a password check usually another component is involved (the user
name and/or a password retype), so this is no good case for IValidator.
You could use an IFormValidator, but then you can equally well just put
the check into onSubmit().
I not eager to explain my definition of 'heavy'. Next time I'll just
write a sloppy response about validators working 90% of the time ;).
Sven
Igor Vaynberg schrieb:
what exactly is "heavy" ?
a validator accessing the database? why is that heavy?
it keeps a reference to the object that does the database check? why
is that heavy? there are plenty of things to make the lookup
lightweight such as wicket-spring and salve.
what exactly is too heavy about something like a UserNameValidator
that does everything to validate a username?
-igor
On Fri, Jun 6, 2008 at 12:03 PM, Sven Meier <[EMAIL PROTECTED]> wrote:
The password check will probably require an access to your
database/ldap/whatever, so your validator will need a reference to some
singleton objects (service/dao/...).
For my taste this is too heavy for a validator.
Sven
Sergey Podatelev schrieb:
Okay, that is something I expected.
But can you please explain, why wouldn't you use validator for this?
It seems to be a good way to encapsulate certain functionality and if it
can't be bypassed, there're no security issues also.
Still, you'd use a check in onSubmit().
I'm just trying to understand if I maybe missing something here :)
On Fri, Jun 6, 2008 at 9:43 PM, Sven Meier <[EMAIL PROTECTED]> wrote:
Well, if your validator doesn't approve the entered password your form
will
never accept the submit.
There's no way to bypass the validation.
I'd prefer to check a password in onSubmit() though - but YMMW.
Sven
Sergey Podatelev schrieb:
Hello,
I'm wondering, how safe is it to use a custom validator to check current
password of the logged-in user, when he wants to change his password
(say,
on a profile page)?
Are there are any potential security issues that can allow user to pass
a
validation?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]