commons-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 23652] New: - Password validation revealed in javascript
Date Tue, 07 Oct 2003 14:08:18 GMT

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23652

Password validation revealed in javascript

           Summary: Password validation revealed in javascript
           Product: Commons
           Version: 1.1.1
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: Validator
        AssignedTo: commons-dev@jakarta.apache.org
        ReportedBy: dgraham@apache.org


The javascript does not validate password fields for security reasons; however, 
any rules defined on a password field still show up in the javascript (they're 
just not used).  The min/max length and mask properties reveal sensitive 
information about the server-side password validation structure.  The best 
solution at this time is to not use validator to check password fields at all 
but we need a better solution in the long run.

See bug# 12473 for other details.

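An audit check for the exposure reported above, added here as an example (it is not part of the bug report or of Commons Validator): it lists every client-side rule in a rendered page that is bound to a password field and the constraint that rule discloses. The sample page is constructed, the layout of the generated script is an assumption based on the report's description, and the function names are hypothetical.

```javascript
// Constructed sample of a rendered login page: a password field plus
// generated client-side validation rules (script layout is an assumption).
const samplePage = `
<form name="loginForm">
  <input type="text" name="username">
  <input type="password" name="password">
</form>
<script>
function required () {
  this.aa = new Array("username", "Username is required.", new Function ("varName", " return this[varName];"));
}
function minlength () {
  this.aa = new Array("password", "Password is too short.", new Function ("varName", "this.minlength='8'; return this[varName];"));
}
function mask () {
  this.aa = new Array("password", "Password is invalid.", new Function ("varName", "this.mask=/^[a-zA-Z0-9]*$/; return this[varName];"));
}
</script>`;

// Names of every <input type="password"> in the markup.
function passwordFieldNames(html) {
  const names = new Set();
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    if (!/\btype\s*=\s*["']?password\b/i.test(tag)) continue;
    const m = /\bname\s*=\s*["']?([^"'\s>]+)/i.exec(tag);
    if (m) names.add(m[1]);
  }
  return names;
}

// Rules in the page's script that are bound to a password field, with the
// server-side constraint (min/max length, mask) each one discloses.
function findExposedPasswordRules(html) {
  const fields = passwordFieldNames(html);
  const findings = [];
  const fnRe = /function\s+(\w+)\s*\(\s*\)\s*\{([\s\S]*?)\n\}/g;
  for (const [, rule, body] of html.matchAll(fnRe)) {
    for (const [, field, rest] of body.matchAll(/new Array\(\s*"([^"]+)"(.*)/g)) {
      if (!fields.has(field)) continue; // rule is not on a password field
      const prop = /this\.(\w+)\s*=\s*(.+?);\s*return/.exec(rest);
      findings.push({ field, rule, discloses: prop ? `${prop[1]}=${prop[2]}` : null });
    }
  }
  return findings;
}

console.log(findExposedPasswordRules(samplePage));
```

Run against the HTML your own application serves; any finding means a password rule is reaching the browser even though the client never enforces it.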

