commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Niall Pemberton (JIRA)" <j...@apache.org>
Subject [jira] Updated: (VALIDATOR-151) [validator] Password validation revealed in javascript
Date Wed, 19 Jul 2006 13:25:31 GMT
     [ http://issues.apache.org/jira/browse/VALIDATOR-151?page=all ]

Niall Pemberton updated VALIDATOR-151:
--------------------------------------

    Component/s: Routines

> [validator] Password validation revealed in javascript
> ------------------------------------------------------
>
>                 Key: VALIDATOR-151
>                 URL: http://issues.apache.org/jira/browse/VALIDATOR-151
>             Project: Commons Validator
>          Issue Type: Improvement
>          Components: Routines
>    Affects Versions: 1.1.1 (alpha)
>         Environment: Operating System: other
> Platform: Other
>            Reporter: David Graham
>            Priority: Minor
>
> The javascript does not validate password fields for security reasons; however, 
> any rules defined on a password field still show up in the javascript (they're 
> just not used).  The min/max length and mask properties reveal sensitive 
> information about the server-side password validation structure.  The best 
> solution at this time is to not use validator to check password fields at all 
> but we need a better solution in the long run.
> See bug# 12473 for other details.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message