[TYPO3-mvc] Double-check Password

[Boris Meier]

Hi

Thank's for you answer. Yes, I was trying to implement a server-side check. (Un)fortunately my whole problem was only a typo-error and hence I was seeking way to far for the solution.

Everything is working now. But I've a general question on extbase. Right now I'm converting my password to salted in the "setPassword"-function in the ..._Domain_Model_Member This works fine, but is this also the theoretically right place to do this?

Cheers Boris




Am 31.01.2010 um 23:18 schrieb David Schreiber:

> Hi Boris,
> 
>> Has somebody already implemented a server-side double-check for a controll-password from a second form-field? Or how can I pass this controll-password to the ObjectValidator?
>> 
> 
> There are two ways you could probably check the  password:
> 
> 1) A client side check using JavaScript, verifying the password
> length, the password re-type, password safety and so on.
> 2) And this should be done always (not only for server security) a
> server side check of the submitted values.
> 
> You won't necessarily need to submit both password fields unless you
> make your client side double-check.
> 
> Since I'm rather new to TYPO3 and Extbase I'm not quite sure about the
> best practice, but I would always
> 
> 1) Implement a changePasswordAction() which only gets the password,
> validates it and updates it.
> 
> 2) This is what I would do when also other things need to be updated
> (maybe in case of a member settings page). Create a updateAction() and
> pass the updated object, as well as the other variables that maybe are
> required to update the object. Validate everything as needed and
> update it to the repository.
> 
> Hope I could help,
> David Schreiber
> _______________________________________________
> TYPO3-project-typo3v4mvc mailing list
> TYPO3-project-typo3v4mvc at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-project-typo3v4mvc