Ensuring a password is Alpha-Numeric

Hi there,

I am trying to make every effort in making the registration process as
secure as possible.

One way of doing this, I was told, was to ensure that a user registering on
the site MUST enter a password that is encrypted in the database
(done) and to ensure they enter an alphanumeric password.

In my user.rb file I have various rules of validation, such as
password length, email address validation, etc.

I want to make sure users enter an alphanumeric password. So far I
have this:

validates_format_of :password,
                      :with => /^[\w\.\-\+]+$/,
                      :message => "must contain alpha and numeric characters!"

However, I can still enter just numerics if I want...

The above validates_format_of rule was taken from this site:
http://guides.rubyonrails.org/security.html#good-passwords

If I leave the password blank, the message "must contain alpha and
numeric characters!" does get output on the site, but it isn't working
as I want...

Any ideas???

Thanks for your help!!

RubyonRails_newbie wrote:

> Hi there,
>
> I am trying to make every effort in making the registration process as
> secure as possible.
>
> One way of doing this, I was told, was to ensure that a user registering on
> the site MUST enter a password that is encrypted in the database
> (done) and to ensure they enter an alphanumeric password.

If you want security, then don't restrict users to alphanumeric
passwords. It's harder to guess passwords if they also contain
punctuation marks.

> In my user.rb file I have various rules of validation, such as
> password length, email address validation, etc.
>
> I want to make sure users enter an alphanumeric password. So far I
> have this:
>
> validates_format_of :password,
>                       :with => /^[\w\.\-\+]+$/,
>                       :message => "must contain alpha and numeric characters!"
>
> However, I can still enter just numerics if I want...
>
> The above validates_format_of rule was taken from this site:
> http://guides.rubyonrails.org/security.html#good-passwords
>
> If I leave the password blank, the message "must contain alpha and
> numeric characters!" does get output on the site, but it isn't working
> as I want...
>
> Any ideas???

You'll need a custom validation routine for this. A single regex will
not be sufficient.

> Thanks for your help!!

Best,

I'd think the easiest way to allow people to use whatever characters
they want would be not to use validates_format_of at all.

-eric

First, please use a whitelist, not a blacklist, in the regex.
Second, please validate the length of the input data.

/^[\d\w]+$/i

As a side note, and if you insist on being pedantic, I'd suggest using \A and \Z to delimit the beginning and the end of the whole string in the regex, as opposed to ^ and $, which only match the beginning and the end of a line in Ruby. Who knows, maybe one of your users will try to use a password with a newline in it :wink:

Felix

Thanks for your words.
I am sorry for my words.
/\A[\d\w]+\Z/im

I think the point of the OP's post was that he wanted the user to have
to enter alphabetic _and_ numeric characters, not to limit them to
only those characters.

Colin

I am sorry for misunderstanding the author's needs.
Waiting for a solution.
:slight_smile:
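
The behaviour discussed in this thread, as an added example that is not code from any poster: it shows why the regex from the question accepts digits-only and multi-line input, and one way to require both a letter and a digit without restricting other characters. It is plain Ruby (no Rails); `ANCHORED`, `password_errors`, `compare` and the sample passwords are hypothetical names and constructed inputs.

```ruby
# Added example, plain Ruby (no Rails needed); not code from the thread.

# The pattern from the question: a character whitelist with line anchors.
ORIGINAL = /^[\w\.\-\+]+$/
# Same character class, anchored to the whole string instead of one line.
# \z is used rather than \Z because \Z still allows one trailing newline.
ANCHORED = /\A[\w\.\-\+]+\z/

# Hypothetical helper: returns a list of problems, empty when acceptable.
# It requires a letter and a digit but does not restrict other characters,
# so punctuation and spaces stay allowed.
def password_errors(password)
  pw = password.to_s
  errors = []
  errors << "must contain at least one letter" unless pw.match?(/[[:alpha:]]/)
  errors << "must contain at least one digit" unless pw.match?(/\d/)
  errors
end

# Constructed sample inputs.
SAMPLES = ["12345678", "abcdefgh", "abc12345", "p@ss w0rd!", "abc123\n<b>"].freeze

# One row per sample: what each regex says, and what the two checks report.
def compare(samples = SAMPLES)
  samples.map do |pw|
    { input: pw,
      original: ORIGINAL.match?(pw),
      anchored: ANCHORED.match?(pw),
      errors: password_errors(pw) }
  end
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |row|
    printf("%-16s original=%-5s anchored=%-5s errors=%s\n",
           row[:input].inspect, row[:original], row[:anchored], row[:errors].inspect)
  end
end
```

In a Rails model the same checks could be run from a custom `validate` method that adds each returned message with `errors.add(:password, message)`.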