Ensuring a password is Alpha-Numeric

Hi there,

I am trying to make every effort in making the registration process as secure as possible.

One way of doing this, I was told, was to ensure that a user registering on the site MUST enter a password that is encrypted in the database (done) and to ensure they enter an alphanumeric password.

In my user.rb file I have various rules of validation, such as password length, email address validation etc.

I want to make sure users enter an alphanumeric password. So far I have this:

validates_format_of :password,
                    :with => /^[\w\.\-\+]+$/,
                    :message => "must contain alpha and numeric characters!"

However, I can still enter just numerics if I want...

The above validates_format_of rule was taken from this site:

If I leave the password blank, the message "must contain alpha and numeric characters!" does get output on the site, but it isn't working as I want...

Any ideas???

Thanks for your help!!

RubyonRails_newbie wrote:

> Hi there,
>
> I am trying to make every effort in making the registration process as secure as possible.
>
> One way of doing this, I was told, was to ensure that a user registering on the site MUST enter a password that is encrypted in the database (done) and to ensure they enter an alphanumeric password.

If you want security, then don't restrict users to alphanumeric passwords. It's harder to guess passwords if they also contain punctuation marks.

> In my user.rb file I have various rules of validation, such as password length, email address validation etc.
>
> I want to make sure users enter an alphanumeric password. So far I have this:
>
> validates_format_of :password,
>                     :with => /^[\w\.\-\+]+$/,
>                     :message => "must contain alpha and numeric characters!"
>
> However, I can still enter just numerics if I want...
>
> The above validates_format_of rule was taken from this site: Securing Rails Applications — Ruby on Rails Guides
>
> If I leave the password blank, the message "must contain alpha and numeric characters!" does get output on the site, but it isn't working as I want...
>
> Any ideas???

You'll need a custom validation routine for this. A single regex will not be sufficient.

> Thanks for your help!!

Best,

I'd think the easiest way to allow people to use whatever characters they want would be not to use validates_format_of at all.

-eric

First, please use a whitelist, not a blacklist, in the regex. Second, please validate the length of the input data.

/^[\d\w]+$/i

As a side note, and if you insist on being pedantic, I'd suggest using \A and \Z to delimit the beginning and the end of the whole string in the regex, as opposed to ^ and $, which only match the beginning and the end of a line in Ruby. Who knows, maybe one of your users will try to use a password with a newline in it :wink:

Felix

Thanks for your words. I am sorry for my words. /\A[\d\w]+\Z/im

> Thanks for your words. I am sorry for my words. /\A[\d\w]+\Z/im

I think the point of the OP's post was that he wanted the user to have to enter alphabetic _and_ numeric characters, not to limit them to only those characters.

Colin

I am sorry for misunderstanding the author's need. Waiting for a solution. :slight_smile:
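
An added example, not code from any poster in this thread: plain Ruby (no Rails) showing why the rule from the original post accepts digits-only input and input with an embedded newline, next to a check that requires at least one letter and one digit while still allowing punctuation. The method names, the sample passwords and the minimum length of 8 are assumptions.

```ruby
# The rule from the original post. \w already covers letters, digits and "_",
# so digits alone satisfy it; ^ and $ anchor at line boundaries, not string ends.
ORIGINAL_RULE = /^[\w\.\-\+]+$/

# Same character class anchored to the whole string. Note that \Z would still
# permit one trailing newline, while \z does not.
ANCHORED_RULE = /\A[\w\.\-\+]+\z/

MIN_LENGTH = 8 # assumed minimum; the thread does not state a number

# Returns a list of error messages; an empty list means the password passes.
# Each requirement is a separate check, so no single regex has to express
# "a letter AND a digit". Punctuation is allowed.
def password_errors(password)
  pw = password.to_s
  errors = []
  errors << "is too short (minimum #{MIN_LENGTH} characters)" if pw.length < MIN_LENGTH
  errors << "must contain at least one letter" unless pw.match?(/[[:alpha:]]/)
  errors << "must contain at least one digit" unless pw.match?(/\d/)
  errors << "must not contain control characters" if pw.match?(/[[:cntrl:]]/)
  errors
end

def acceptable_password?(password)
  password_errors(password).empty?
end

# Constructed sample inputs.
SAMPLES = ["12345678", "abcdefgh", "abc12345", "c0rrect-horse!", "abc123\n<junk>"].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |pw|
    old = ORIGINAL_RULE.match?(pw) ? "pass" : "fail"
    new = acceptable_password?(pw) ? "pass" : "fail"
    puts format("%-18p original=%s custom=%s", pw, old, new)
  end
end
```

In a Rails model the same checks would live in a custom validation method, as suggested in the thread, with each message added to the record's errors for :password.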