  • min 3 letters
  • max 15
  • characters A-Za-z0-9
  • special characters @#$%^&+=

This is what I have:

Regex.IsMatch(Password.Text, @"^[A-Za-z0-9@#$%^&+=]{3,15}$ ")

It always returns false.

Please help.

+3  A: 

Take out the space at the end of the regular expression string. Also: corrected probable typos.

Regex.IsMatch(Password.Text, @"^[A-Za-z0-9@#$%^&+=]{3,15}$")
Travis Gockel
Didn't he also mean for it to be `^[A-Z...`?
Earlz
+1  A: 

Why on earth do you want to restrict possible passwords?!?

  • Why forbid French and German characters (Unicode in general)?
  • Why limit passwords to 15 chars? A lot of people use whole passphrases.
  • Why limit the special characters? Why do you rule out . and :?
SealedSun
+1 for your post. -1 for not answering the actual question.
Earlz
+1  A: 

As mentioned, this is a very very bad idea. The much better approach would be to test the password strength of the entered password and set a score passwords have to beat.

There are algorithms to compute the strength of passwords. The following is taken from the Delphi Encryption Compendium by Hagen Reddmann (and thus in Pascal, but I guess this can be translated easily):

function PassphraseQuality(const Password: String): Extended; 
// returns computed Quality in range 0.0 to 1.0 
// source extracted from Delphi Encryption Compendium, DEC 

  function Entropy(P: PByteArray; L: Integer): Extended; 
  var 
    Freq: Extended; 
    I: Integer; 
    Accu: array[Byte] of LongWord; 
  begin 
    Result := 0.0; 
    if L <= 0 then Exit; 
    FillChar(Accu, SizeOf(Accu), 0); 
    for I := 0 to L-1 do Inc(Accu[P[I]]); 
    for I := 0 to 255 do 
      if Accu[I] <> 0 then 
      begin 
        Freq := Accu[I] / L; 
        Result := Result - Freq * (Ln(Freq) / Ln(2)); 
      end; 
  end; 

  function Differency: Extended; 
  var 
    S: String; 
    L,I: Integer; 
  begin 
    Result := 0.0; 
    L := Length(Password); 
    if L <= 1 then Exit; 
    SetLength(S, L-1); 
    for I := 2 to L do 
      Byte(S[I-1]) := Byte(Password[I-1]) - Byte(Password[I]); 
    Result := Entropy(Pointer(S), Length(S)); 
  end; 

  function KeyDiff: Extended; 
  const 
    Table = '^1234567890ß´qwertzuiopü+asdfghjklöä#<yxcvbnm,.-°!"§$%&/()=?`QWERTZUIOPÜ*ASDFGHJKLÖÄ''>YXCVBNM;:_'; 
  var 
    S: String; 
    L,I,J: Integer; 
  begin 
    Result := 0.0; 
    L := Length(Password); 
    if L <= 1 then Exit; 
    S := Password; 
    UniqueString(S); 
    for I := 1 to L do 
    begin 
      J := Pos(S[I], Table); 
      if J > 0 then S[I] := Char(J); 
    end; 
    for I := 2 to L do 
      Byte(S[I-1]) := Byte(S[I-1]) - Byte(S[I]); 
    Result := Entropy(Pointer(S), L-1); 
  end; 

const 
  GoodLength = 10.0; // good length of Passphrases 
var 
  L: Extended; 
begin 
  Result := Entropy(Pointer(Password), Length(Password)); 
  if Result <> 0 then 
  begin 
    Result := Result * (Ln(Length(Password)) / Ln(GoodLength)); 
    L := KeyDiff + Differency; 
    if L <> 0 then L := L / 64; 
    Result := Result * L; 
    if Result < 0 then Result := -Result; 
    if Result > 1 then Result := 1; 
  end; 
end;
Mef
Indeed. The 'password' library for Ruby makes it easy to check password strength. The library calls cracklib, which does many more and better checks than most programmers will want to do. For example, it will check that the password is not a dictionary word.
Wayne Conrad
My purpose is to prevent cross browser scripting. If anybody can tell me how I can do that for a password field.
Dotnet Rocks
@aloo: If this password is never displayed on a page (which it **should never be** anyways), then cross site scripting is not a problem. The real problem is SQL injection (http://en.wikipedia.org/wiki/SQL_injection), which you can prevent by writing proper SQL queries (see the wiki page).
BlueRaja - Danny Pflughoeft
Thanks for all your answers. After reading BlueRaja's comment, it makes sense not to add restriction to password field.
Dotnet Rocks
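
To illustrate BlueRaja's comment above, here is an added example (not code from the thread) in Python with an in-memory SQLite database: parameterized queries safely accept passwords that the question's pattern rejects, while a concatenated query breaks on an apostrophe. The table layout, function names, sample passwords and the PBKDF2 hashing step are assumptions made for this example.

```python
import hashlib, hmac, os, re, sqlite3

# Constructed samples: two that the question's pattern rejects, one it accepts.
SAMPLES = ["Zoë's café: crème.brûlée", "correct horse battery staple", "abc"]
QUESTION_PATTERN = re.compile(r"[A-Za-z0-9@#$%^&+=]{3,15}")  # pattern from the thread

def allowed_by_pattern(password):
    return QUESTION_PATTERN.fullmatch(password) is not None

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def derive(password, salt):
    # Assumption beyond the thread: store a salted PBKDF2 hash, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def register(db, name, password):
    salt = os.urandom(16)
    # "?" placeholders pass values as data, separate from the SQL text.
    db.execute("INSERT INTO users (name, salt, pw_hash) VALUES (?, ?, ?)",
               (name, salt, derive(password, salt)))

def verify(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], derive(password, row[0]))

def concatenated_query_breaks(db, password):
    # Weak form for contrast: the raw password is pasted into the SQL string.
    sql = "SELECT name FROM users WHERE pw_hash = '" + password + "'"
    try:
        db.execute(sql).fetchall()
        return False
    except sqlite3.Error:
        return True  # the apostrophe ended the literal and changed the statement

if __name__ == "__main__":
    db = open_db()
    for i, pw in enumerate(SAMPLES):
        register(db, f"user{i}", pw)
        print(repr(pw), allowed_by_pattern(pw), verify(db, f"user{i}", pw),
              concatenated_query_breaks(db, pw))
```

In .NET the equivalent is a command with parameters (for example `SqlCommand` with `SqlParameter`) rather than string concatenation.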