On 23 May 2017, at 19:56, [email protected] wrote:

> My approach is to never bind directly to the password attribute.
> 
> With forms that persist a password value I bind to a component ivar, check 
> validity on the raw string to whatever my password policy might dictate (in 
> the component’s action method) then call the password attribute setter 
> passing the digested string.

We use a similar approach. You can also add cover methods in User:

setPlaintextPassword(String): calls setPassword using the hash of the supplied 
String.
String plaintextPassword(): just returns null.

Then you can bind User.plaintextPassword in a form and get the expected 
behaviour: it hashes any password input, and never returns anything.


-- 
Paul Hoadley
http://logicsquad.net/
https://www.linkedin.com/company/logic-squad/


