This was discussed once I people said there should be no default minimum length for password. So technically a zero length password can be inserted. For security reason it will not be accepted for logging anyway.
db.auth_user.password.requires.insert(0,IS_LENGTH(minsize=5)) On Saturday, 11 August 2012 10:26:37 UTC-5, Yarin wrote: > > The default login form does not require a password to be entered when > registering. Is this intentional? Seems a funny default. > > I can't figure out how to require a password. > > I added > db.auth_user.password.requires = IS_NOT_EMPTY(error_message=auth.messages. > is_empty) > > and added > required=True > > to the db password field definition, but it still lets me register without > any password... > --
