1 Reply Latest reply on Jul 10, 2009 9:27 AM by wachtda.scsi.gmx.ch

    Simple Password Validation when registering

    juanvinuales

      Hello!


      In a registration page, where the user has to write a password, i would like to validate, for instance, that the password introduced has only letters and numbers and, lets say, 10 characters maximum.
      But in DB, i store that password as a SHA1 hash, so the former restrictions are not applicable in this manner:




      @Entity
      @Scope(SESSION)
      @Name("user")
      public class User... {
        ...
        @UserPassword(hash="SHA")
        @Pattern(regex=Util.regEx_justLettersAndNumbers)
        @Length(max=15, message="#{messsages.valReg_passwordLong}")
        public String getPassword() {
          return passwordUsuario;
        }
        ...
      }





      So, a better approach, would be storing the password just as the user entered it, without hashing, in another field, such as enteredPassword, in this user entity or perhaps in the registration component.
      Anyway, the enteredPassword, wont be stored in the DB... so, if i wanted to perform validation... am i doomed to use the JSF standard validation mechanisms (creating a PasswordValidator class, etc) and forget the advantages of the hibernate validation? or is there a better way?


      thanks in advance,
      Juan