By default, auth.settings.password_min_length = 4, which is passed to the default CRYPT validator for the password field, so a minimum 4-character password should be required. Have you defined a custom auth_user table without specifying a CRYPT validator (or a min_length arg to CRYPT)? You can also add the IS_STRONG validator to the password field (should come before the CRYPT validator, since you need to check the password strength in plain text before CRYPT does any hashing).
Anthony On Wednesday, December 14, 2011 12:09:36 AM UTC-5, Viren Patel wrote: > > Hi all, > > In register screen if i do not provide password and verify-password still > the user does gets registered. > Thereafter i am also able to login with the registered user without > providing the password > How can we make the password field mandatory both in register and login > > Thanks, > Viren >
