I am trying to make every effort in making the registration process as
secure as possible.
One way of doing this, I was told, was to ensure that a user registering on
the site MUST enter a password that is encrypted in the database
(done) and to ensure they enter an alphanumeric password.
In my user.rb file I have various rules of validation, such as
password length, email address validation etc…
I want to make sure users enter an alphanumeric password. So far I
have this:
If you want security, then don’t restrict users to alphanumeric
passwords. It’s harder to guess passwords if they also contain
punctuation marks.
First, please use the white list, not the black list, in the regex.
Second, please validate the length of the input data.
/^[\d\w]+$/i
As a side note, and if you insist on being pedantic, I’d suggest using
\A and \Z to delimit the beginning and the end of the whole string in
the regex, as opposed to ^ and $, which only match the beginning and the
end of a line in Ruby. Who knows, maybe one of your users will try to use
a password with a newline in it.
Thanks for your words.
I am sorry for my words.
/\A[\d\w]+\Z/im
I think the point of the OP’s post was that he wanted the user to have
to enter alphabetic and numeric characters, not to limit them to
only those characters.
Colin
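
The anchor behaviour discussed in the replies above, and the requirement Colin describes, shown as an added example that is not part of any post in this thread. The constant and method names, the sample passwords and the 8-character minimum are assumptions.

```ruby
# Added example, not code from the thread. All names here are hypothetical.

# Pattern as posted in the thread: ^ and $ match at line boundaries in Ruby.
LINE_ANCHORED = /^[\d\w]+$/i

# Whole-string anchors. \Z still tolerates one trailing newline; \z does not.
STRING_ANCHORED_UPPER_Z = /\A[\d\w]+\Z/i
STRING_ANCHORED_LOWER_Z = /\A[\d\w]+\z/i

# Requires at least one letter AND one digit but does not restrict the other
# characters, so punctuation is allowed. Minimum length of 8 is an assumed value.
# "." does not match "\n" here, so a password containing a newline is rejected.
REQUIRES_LETTER_AND_DIGIT = /\A(?=.*[a-z])(?=.*\d).{8,}\z/i

PATTERNS = {
  line_anchored: LINE_ANCHORED,
  upper_z: STRING_ANCHORED_UPPER_Z,
  lower_z: STRING_ANCHORED_LOWER_Z,
  letter_and_digit: REQUIRES_LETTER_AND_DIGIT
}.freeze

# Constructed sample inputs.
SAMPLES = [
  "abc12345",          # plain alphanumeric
  "abc123\n<script>",  # valid first line followed by arbitrary content
  "abc12345\n",        # trailing newline only
  "correct-horse-7!",  # letters, a digit and punctuation
  "abcdefgh"           # letters only
].freeze

def accepted_by?(pattern, password)
  pattern.match?(password)
end

# Returns { sample => { pattern_name => true/false } } for every combination.
def acceptance_table(samples = SAMPLES, patterns = PATTERNS)
  samples.to_h do |sample|
    [sample, patterns.transform_values { |pattern| accepted_by?(pattern, sample) }]
  end
end

if __FILE__ == $PROGRAM_NAME
  acceptance_table.each do |sample, results|
    puts "#{sample.inspect.ljust(22)} #{results}"
  end
end
```

Rails 4 and later raises an ArgumentError when a `format` validation uses `^` or `$` without `multiline: true`, which catches the first pattern at load time.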