On Aug 21, 2011, at 7:45 AM, apple wrote:

> On trunk the password has to be over a certain length. If I try to
> log in to an existing application with an existing user then it says my
> password is not long enough. However, there is no way of changing it
> without logging in!

I do something like this. Your details might vary.

# invoke IS_STRONG only for password creation, not password checking
if "login" not in request.args:
    auth.settings.table_user.password.requires.insert(
        0, IS_STRONG(min=8, max=0, special=1))

...but I also define the entire auth table, so Massimo's method is handier if 
you're using the default.

I think it'd be good if auth worked this way by default. There's no reason to 
enforce IS_STRONG on login, and actually there's good reason *not* to, since it 
enables an attacker to learn things about the actual password.

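An added example, not part of the original message and not web2py code: a self-contained sketch of the behaviour discussed above, showing both the legacy-account lockout and the differing login responses when a strength check runs on login. The functions `strong`, `crypt`, `password_validators` and `submit`, and the sample account, are hypothetical stand-ins that only mimic the `(value, error)` validator convention.

```python
import hashlib
import hmac

MIN_LEN = 8  # mirrors IS_STRONG(min=8) in the snippet above

def strong(value):
    """Stand-in strength validator; returns (value, error)."""
    if len(value) < MIN_LEN:
        return value, "Minimum length is %d" % MIN_LEN
    return value, None

def crypt(value):
    """Stand-in hashing validator (fixed constructed salt, illustration only)."""
    digest = hashlib.pbkdf2_hmac("sha256", value.encode(), b"constructed-salt", 1000)
    return digest.hex(), None

def password_validators(args, strength_on_login):
    """Build the validator chain for one request."""
    chain = [crypt]
    # Same condition as the snippet above: skip the strength check on login.
    if strength_on_login or "login" not in args:
        chain.insert(0, strong)
    return chain

def submit(args, password, stored_hash, strength_on_login=False):
    """Run the chain and return the message the client would see."""
    value = password
    for validator in password_validators(args, strength_on_login):
        value, error = validator(value)
        if error:
            return error  # validator errors are shown to the client as-is
    if "login" in args:
        ok = hmac.compare_digest(value, stored_hash)
        return "Logged in" if ok else "Invalid login"
    return "Password saved"

# Constructed sample: an account whose password predates the length rule.
LEGACY_HASH = crypt("old12")[0]

if __name__ == "__main__":
    for flag in (True, False):
        print("strength_on_login =", flag)
        for guess in ("old12", "short", "a-much-longer-guess"):
            print("  %-20s -> %s" % (guess, submit(["login"], guess, LEGACY_HASH, flag)))
```

With the check skipped on login, every wrong guess gets the same response and the legacy account can still sign in; registration and password changes still go through the strength validator.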