[Javascript] Regarding Password Validation

David Lovering dlovering at gazos.com
Mon Mar 1 18:44:28 CST 2004 

Hmmm... obviously another attack of foot-in-mouth disease on my part.

The "fastest possible" check would undoubtedly be a single regexp run inside
a match (as noted by a couple of other readers).  However, the regexp we
would need for an all encompassing solution to the original problem would
have to meet a number of considerations:

2 or more digits, AND 1 or more meta-characters in any order, interspersed
with any number of other characters.  If H can write a single "simple"
regexp that covers all these possibilities in a "pure" fashion (i.e; without
the gubbish I suggested), he is doing better than the guy who wrote the
O'Reilly book on regular expressions -- his example (of a very similar
nature) required a string of about 70+ characters worth of stuff to pull
off -- admittedly in a "pure" fashion.

Mind you, there are original (and very clever) RE's cropping up every day,
so I wouldn't be surprised if someone devises one to do precisely this.

An interesting alternative to the "pure" regexp and the "gubbish" method is
to do two different matches (one for digits, and one for special characters)
and simply multiply the numbers which fall out of the match(es).  If either
match turns up zero, the product is zero -- and the comparison tanks.
Otherwise, the matching string has all the features required.  I wish I
could say I thought of this -- but somebody much cleverer did.  [It came out
of an encryption journal I sometimes get copies of].  This method has the
advantage that it doesn't care about the order or placement of the matching
blocks within the test string, and you can cascade as many matches as you
like without creating a single humongous regular expression.  It also
enables you to use the matches like reusable parts, simply creating new
product terms of the matches when you want to test for something different.

Apologies to all for the "80-percent" gibe -- it was uncalled for.  Still,
RE's do add a lot of power (particularly to validation problems of this
sort), and they do so in a particulary efficient fashion (with or without
the gubbish).

Dave Lovering

----- Original Message ----- 
From: "Håkan Magnusson" <hakan at backbase.com>
To: "[JavaScript List]" <javascript at LaTech.edu>
Sent: Monday, March 01, 2004 10:31 AM
Subject: Re: [Javascript] Regarding Password Validation


> > On the regular expression you suggested, each part (numbers,
> > meta-characters) are in fact represented, but the way I'd interpret this
is
> > 2 or more digits followed by 1 or more meta-characters -- and nothing
else.
>
> As I wrote, "something that vaugely resembles this line should probably
> work:", I did not write "this is the ultimate solution to all your
> password validation problems". There are a few things missing in my
> regexp, but not much at all.
>
>
> > Trying to write "OR'd" terms into a regex covering every possible
> > permutation would take too much brain power (and I have little enough to
> > spare at present).  It would also make the expression rather lengthy,
and
> > hard to manage.
>
> This is, as I said earlier, not true. It is very, very simple to check
> for one or more needles in a haystack via regular expressions, in any
> order. I've never seen a scenario where you actually would have to use
> two regexps for this kind of simple operation.
>
>
> > The method I suggested is certainly less elegent, but (a)
> > much faster
>
> Much faster? Ahem?
> Explain to me how executing two regexp checks and two conditional checks
> can be (much) faster than one regexp check and one conditional check.
>
>
> > and (b) easier to make sense of.
>
> This is quite a contradiction you're presenting here, I must say that I
> am confused. First, you say that if you don't know regexp you're missing
> out on 80% of the powers of JavaScript, and in your next mail, you
> suggest that writing regexp code that does half the work but looks
> 'good' (to who?) is better than writing regexp code that does all the
> work in one line, and looks correct.
>
> I'm not utterly convinced, so to say.
>
> H
>
> David Lovering wrote:
>
> > On the regular expression you suggested, each part (numbers,
> > meta-characters) are in fact represented, but the way I'd interpret this
is
> > 2 or more digits followed by 1 or more meta-characters -- and nothing
else.
> > Any additional characters, or when the numbers and meta characters do
not
> > appear consecutively in this fashion would cause the expression to
evaluate
> > "false".
> >
> > Trying to write "OR'd" terms into a regex covering every possible
> > permutation would take too much brain power (and I have little enough to
> > spare at present).  It would also make the expression rather lengthy,
and
> > hard to manage.  The method I suggested is certainly less elegent, but
(a)
> > much faster, and (b) easier to make sense of.
> >
> > -- Dave Lovering
> >
> > ----- Original Message ----- 
> > From: "Ramachandran" <ramachandran at summitworks.com>
> > To: "[JavaScript List]" <javascript at LaTech.edu>
> > Sent: Monday, March 01, 2004 8:45 AM
> > Subject: RE: [Javascript] Regarding Password Validation
> >
> >
> >
> >>Hi Hakan,
> >>
> >>Yes i really need the Regular Expression for these conditions. If u find
> >>time...please write and send it to me...
> >>
> >>
> >>
> >>-----Original Message-----
> >>From: javascript-bounces at LaTech.edu
> >>[mailto:javascript-bounces at LaTech.edu]On Behalf Of Hakan Magnusson
> >>Sent: Monday, March 01, 2004 9:06 PM
> >>To: [JavaScript List]
> >>Subject: Re: [Javascript] Regarding Password Validation
> >>
> >>
> >>Ramachandran,
> >>This could be accomplished with only one regexp, of course.
> >>
> >>My regexp skills are not quite up to date, but something that vaugely
> >>resembles this line should probably work:
> >>
> >>/[0-9]{2,}[^a-zA-Z0-9]{1,}/
> >>
> >>You can then test your password field value against the regexp, and it
> >>will return true if the password has at least two numbers and one
> >>special character.
> >>
> >>Again, my regexp skills are not very hot. Someone who do know the ins
> >>and outs of regexps can build this for you in the blink of an eye, this
> >>regexp is NOT complicated. If you really need me to, I can build it for
> >>you when I have the time.
> >>
> >>Dave,
> >>I don't know about 'missing 80% of the power of JavaScript', regexps
> >>have nothing to do with JavaScript. Saying that someone who doesn't know
> >>regexps are missing 80% of the power of string manipulation/testing
> >>sounds more accurate to me. ;)
> >>
> >>H
> >>
> >>
> >>David Lovering wrote:
> >>
> >>
> >>>The easiest way I can think of is to use two regular expression filters
> >
> > to
> >
> >>>strip (respectively) everything out EXCEPT numbers, and everything out
> >>>EXCEPT special characters.  The output of these two filters are put
into
> >>
> >>two
> >>
> >>>strings, such as
> >>>
> >>>var digitString;
> >>>var specialString;
> >>>
> >>>... and then simply check the length of the two strings to make sure
> >
> > that
> >
> >>>they are greater than or equal to 2 and 1, again respectively.
> >>>
> >>>If you're not up on regular expression filters, you're missing about
80%
> >>
> >>of
> >>
> >>>the power of JavaScript (at least IMO).
> >>>
> >>>Try
> >>>
> >>>  var re0 = /[^0-9]/g;
> >>>  var re1 = /[a-zA-Z0-9]/g;
> >>>
> >>>  var digitString = myString.replace(re0, "");
> >>>  var specialString = myString.replace(re1, "");
> >>>
> >>>  alert("number of digits: " + digitString.length);
> >>>  alert("number of special characters: " + specialString.length);
> >>>
> >>>Or some variation thereof.  Incidently, I'd also check myString (the
> >>
> >>target
> >>
> >>>string coming in) for total length as well, as short strings are easy
to
> >>>crack.
> >>>
> >>>-- Dave Lovering
> >>>----- Original Message -----
> >>>From: "Ramachandran" <ramachandran at summitworks.com>
> >>>To: "[JavaScript List]" <javascript at LaTech.edu>
> >>>Sent: Monday, March 01, 2004 6:42 AM
> >>>Subject: [Javascript] Regarding Password Validation
> >>>
> >>>
> >>>
> >>>
> >>>>Hi all,
> >>>>
> >>>>I want to perform a validation in password field. The validation
> >
> > includes
> >
> >>>>the following conditions.
> >>>>
> >>>>1. It should contain atleast two no.s and once special characters.
> >>>>
> >>>>How can i do this one..
> >>>>
> >>>>Regards,
> >>>>Ram
> >>>>
> >>>>_______________________________________________
> >>>>Javascript mailing list
> >>>>Javascript at LaTech.edu
> >>>>https://lists.LaTech.edu/mailman/listinfo/javascript
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>>_______________________________________________
> >>>Javascript mailing list
> >>>Javascript at LaTech.edu
> >>>https://lists.LaTech.edu/mailman/listinfo/javascript
> >>>
> >>>
> >>
> >>_______________________________________________
> >>Javascript mailing list
> >>Javascript at LaTech.edu
> >>https://lists.LaTech.edu/mailman/listinfo/javascript
> >>
> >>_______________________________________________
> >>Javascript mailing list
> >>Javascript at LaTech.edu
> >>https://lists.LaTech.edu/mailman/listinfo/javascript
> >>
> >>
> >
> >
> >
> > _______________________________________________
> > Javascript mailing list
> > Javascript at LaTech.edu
> > https://lists.LaTech.edu/mailman/listinfo/javascript
> >
> >
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
>
>

More information about the Javascript mailing list