Ensuring a password is Alpha-Numeric

Hi there,

I am trying to make every effort in making the registration process as
secure as possible.

One way of doing this, I was told, was to ensure that a user registering on
the site MUST enter a password that is encrypted in the database
(done) and to ensure they enter an alphanumeric password.

In my user.rb file I have various rules of validation, such as
password length, email address validation etc…

I want to make sure users enter an alphanumeric password. So far I
have this:

validates_format_of :password,
  :with => /^[\w.\-+]+$/,
  :message => "must contain alpha and numeric characters!"

However, I can still enter just numerics if I want…

the above validates_format_of rule was taken from this site:

If I leave the password blank, the message “must contain alpha and
numeric characters!” does get output on the site, but it isn’t working
as I want…

Any ideas???

Thanks for your help!!

RubyonRails_newbie wrote:

Hi there,

I am trying to make every effort in making the registration process as
secure as possible.

One way of doing this, I was told, was to ensure that a user registering on
the site MUST enter a password that is encrypted in the database
(done) and to ensure they enter an alphanumeric password.

If you want security, then don’t restrict users to alphanumeric
passwords. It’s harder to guess passwords if they also contain
punctuation marks.

In my user.rb file I have various rules of validation, such as
password length, email address validation etc…

I want to make sure users enter an alphanumeric password. So far I
have this:

validates_format_of :password,
  :with => /^[\w.\-+]+$/,
  :message => "must contain alpha and numeric characters!"

However, I can still enter just numerics if I want…

the above validates_format_of rule was taken from this site:
Securing Rails Applications — Ruby on Rails Guides

If I leave the password blank, the message “must contain alpha and
numeric characters!” does get output on the site, but it isn’t working
as I want…

Any ideas???

You’ll need a custom validation routine for this. A single regex will
not be sufficient.

Thanks for your help!!

Best,

Marnen Laibow-Koser
http://www.marnen.org

First, please use the white list, not the black list, in the regex.
Second, please validate the length of the input data.

/^[\d\w]+$/i


Posted via http://www.ruby-forum.com/.


Code our future
Name : Wang P.
Nick : QJGui

I’d think the easiest way to allow people to use whatever characters
they want would be not to use validates_format_of at all.

-eric

On Sep 19, 7:06 am, Marnen Laibow-Koser <rails-mailing-l…@andreas-

Thanks for your words.
I am sorry for my words.
/\A[\d\w]+\Z/im

2009/9/20 Felix Schäfer:

\A and \Z to delimit the beginning and the end of the whole string in
the regex, as opposed to ^ and $ only matching the beginning and the
end of a line in Ruby. Who knows, maybe one of your users will try to use
a password with a newline in it ;)

Felix


Code our future
Name : Wang P.
Nick : QJGui

Sent from Wuhan, 42, China

Am 20.09.2009 um 05:46 schrieb Wang P.:

First, please use the white list, not the black list, in the regex.
Second, please validate the length of the input data.

/^[\d\w]+$/i

As a side note, and if you insist on being pedantic, I’d suggest using
\A and \Z to delimit the beginning and the end of the whole string in
the regex, as opposed to ^ and $ only matching the beginning and the
end of a line in Ruby. Who knows, maybe one of your users will try to use
a password with a newline in it ;)

Felix

I am sorry for misunderstanding the author’s need.
Waiting for a solution.
:)

2009/9/20 Colin L.:

Colin

/^[\d\w]+$/i


Code our future
Name : Wang P.
Nick : QJGui

Sent from Wuhan, 42, China

2009/9/20 Wang P.:

Thanks for your words.
I am sorry for my words.
/\A[\d\w]+\Z/im

I think the point of the OP’s post was that he wanted the user to have
to enter alphabetic and numeric characters, not to limit them to
only those characters.

Colin
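
An added example, not part of the original thread and not any poster's code: plain Ruby (no Rails) showing the two points raised above, namely that `^`/`$` anchor per line while `\A`/`\Z`/`\z` anchor the whole string, and a check that requires at least one letter and one digit without restricting other characters. The names `password_problems`, `LINE_ANCHORED`, `BIG_Z_ANCHORED` and `STRICT_ANCHORED`, the 8-character minimum and the sample inputs are assumptions made for illustration.

```ruby
# Whitelist pattern as posted in the thread: ^ and $ match at LINE boundaries,
# so one acceptable line anywhere in the input is enough for a match.
LINE_ANCHORED   = /^[\d\w]+$/i
# \A anchors at the start of the string; \Z still tolerates one trailing newline.
BIG_Z_ANCHORED  = /\A[\d\w]+\Z/i
# \z anchors at the absolute end of the string.
STRICT_ANCHORED = /\A[\d\w]+\z/i

# Returns a list of problems; an empty list means the password is accepted.
# Requires at least one letter and one digit, and restricts nothing else,
# so punctuation stays allowed. min_length: 8 is an assumed value.
def password_problems(password, min_length: 8)
  pw = password.to_s
  problems = []
  problems << "is too short (minimum #{min_length} characters)" if pw.length < min_length
  problems << "must contain at least one letter" unless pw.match?(/[[:alpha:]]/)
  problems << "must contain at least one digit"  unless pw.match?(/[[:digit:]]/)
  problems
end

# Constructed sample inputs (not taken from the thread).
SAMPLES = ["12345678", "password", "pass1234", "p@ss-w0rd!", nil].freeze
MULTILINE = "abc123\nnot allowed!".freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |pw|
    problems = password_problems(pw)
    puts "#{pw.inspect}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
  { "^...$" => LINE_ANCHORED, "\\A...\\Z" => BIG_Z_ANCHORED,
    "\\A...\\z" => STRICT_ANCHORED }.each do |label, re|
    puts "#{label} on #{MULTILINE.inspect}: #{re.match?(MULTILINE)}"
    puts "#{label} on #{"abc123\n".inspect}: #{re.match?("abc123\n")}"
  end
end
```

In a Rails model the same method could be called from a custom validation that adds each returned message to the record's errors.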