Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

Re: Yet another REGEXP Question

by AidanLee (Chaplain)
on Feb 05, 2002 at 16:48 UTC ( [id://143477]=note: print w/replies, xml ) Need Help??


in reply to Yet another REGEXP Question

Of course merlyn has a very important point -- the more different characters you allow in your password field, the harder to guess the password.

To answer your question, though, you'll need something like this:

if( $password =~ m/^[DesiredCharactersHere]+$/ ) {

    it's "reasonable"
}
else {

    it's not reasonable
}

[download]

It's a common saying that Perl gives you more than enough rope to hang yourself. Something similar can be said of the community too. We're not big on refusing to tell people some bit of knowledge. It's just that as we hand you that rope (and even telling you how to tie the knots), we're usually telling you why it isn't a good idea.

Update: Thanks to merlyn for catching the security hole. I've left the code with the bug in place so his post continues to make sense.

One thing I think is important to note about most of the replies that hasn't been explicitly mentioned is notice that almost all the code examples test for DesiredCharacters, not UndesiredCharacters. This is a best-practices approach to making sure you only get _exactly_ what you want in your password field, with no chances of forgetting to exclude anything undesired. That was my intention as well, but I seem to have let one (\n) slip in anyways.

Replies are listed 'Best First'.
security hole, danger - Re: Re: Yet another REGEXP Question
by merlyn (Sage) on Feb 05, 2002 at 22:37 UTC
    $password =~ m/^[DesiredCharactersHere]+$/
    Watch out! That permits "Desired\n"! I just zapped someone on the beginners list for that same mistake. Potential Big Security Hole.

    Better to use something like: $password !~ /[^DesiredCharactersHere]/ or even not $password =~ tr/DesiredCharactersHere//c.

    -- Randal L. Schwartz, Perl hacker

[reply]
[d/l]
[select]
Re: Re: Yet another REGEXP Question
by Chmrr (Vicar) on Feb 05, 2002 at 22:37 UTC

    A much more compact solution, given that s?he specified the characters s?he wanted, would be:

    if ($password =~ /\W/) {
  # It's "unreasonable"
} else {
  # It's really easy to guess -- err, I mean "reasonable"
}

    [download]

    perl -pe '"I lo*`+$^X$\"$]!$/"=~m%(.*)%s;$_=$1;y^`+*^e v^#$&V"+@( NO CARRIER'

[reply]
[d/l]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://143477]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others avoiding work at the Monastery: (4)
As of 2024-04-20 01:31 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found