I am not able to validate a password with ()-=_+, i.e. it should accept these special characters, but it's not working when I use the regular expression as

`validates_format_of :password,  :with => /^[A-Za-z0-9. ! @ # $ % ^ & * ( ) _ - + = ]*\z/` 

It's only accepting up to * but not accepting ()-=_+ in Ruby on Rails.

+1  A: 

The `-` at least is going to cause problems, think: `[A-Z]`. The `^` might be causing problems: does `[A-Z^Q]` mean all uppercase letters except Q in your regex flavor? (If so, everything after it would appear to not be there...)

Also: Zero length passwords are valid?

Thanatos
+9  A: 

Those characters need to be escaped with a \

But I would seriously recommend that you do not validate passwords like this! What is the point in restricting what users can choose for their passwords? You are artificially reducing the pool of characters for them to choose from, which in turn makes brute-force attacks easier.

Enforcing user names to be ASCII a-z, 0-9 is one thing, but you should certainly not restrict passwords to such a small subset of characters.

Dean Harding
+1 for stepping back and seeing the broader picture. Why are we restricting passwords?
Thanatos
A: 

`validates_format_of :password, :with => /^[A-Za-z0-9. ! @ # $ % ^ & * ( ) _ - + = ]*\z/`

This worked.
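The points raised in the answers above (the unescaped `-` inside the character class, empty passwords matching `*`, and whether to restrict characters at all) can be checked in plain Ruby. This is an added example, not code from the thread: `FIXED`, `rejected_specials`, `length_only_ok?` and the length bounds are assumptions, and all inputs are constructed samples. It also shows that `^` anchors at the start of any line, so a multi-line value can pass the posted pattern.

```ruby
# Added example (not from the thread). Plain Ruby, no Rails required.
# All sample inputs below are constructed for illustration.

SPECIALS = '.!@#$%^&*()_-+='   # single quotes: "#$" is not interpolated

# Pattern exactly as posted in the question.
POSTED = /^[A-Za-z0-9. ! @ # $ % ^ & * ( ) _ - + = ]*\z/

# Assumed correction: \A anchors at the start of the string (not of a line),
# and Regexp.escape makes every special, including "-", a literal.
FIXED = Regexp.new('\A[A-Za-z0-9' + Regexp.escape(SPECIALS) + ']*\z')

# Returns the special characters a pattern rejects when each one is placed
# between two letters.
def rejected_specials(pattern)
  SPECIALS.chars.reject { |c| pattern.match?("a#{c}b") }
end

# Length-only policy in the spirit of the second answer: any character is
# allowed, only presence and length are checked (bounds are assumptions).
def length_only_ok?(password, min: 8, max: 128)
  password.is_a?(String) && password.length.between?(min, max)
end

# " - " inside [...] is a range from space to space, so "-" is never a member.
puts "POSTED rejects: #{rejected_specials(POSTED).inspect}"
puts "FIXED rejects:  #{rejected_specials(FIXED).inspect}"

# "^" matches after any newline, so only the last line is actually checked.
multiline = "<script>\nabc"
puts "POSTED accepts multi-line value: #{POSTED.match?(multiline)}"
puts "FIXED accepts multi-line value:  #{FIXED.match?(multiline)}"

# "*" allows zero characters, so format validation alone admits "".
puts "FIXED accepts empty string: #{FIXED.match?('')}"
puts "length-only accepts empty string: #{length_only_ok?('')}"
```

Rails 4 and later raise an `ArgumentError` when `validates_format_of` is given a pattern using `^` or `$` without `:multiline => true`, for the anchoring reason shown here.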