using regex for password validation
2QdxY4RzWzUUiLuE at potatochowder.com
2QdxY4RzWzUUiLuE at potatochowder.com
Wed Dec 23 18:20:25 EST 2020
On 2020-12-24 at 11:41:15 +1300,
dn via Python-list <python-list at python.org> wrote:
> On 24/12/2020 06:03, Sadaka Technology wrote:
> > hello guys,
> >
> > I have this pattern for password validation (regex):
[...]
> > passwordpattern = "^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[@$])[A-Za-z\d@$!%?&]{8,}.$"
> >
> > my only issue is that I want to add the symbol () and symbol(.) in
> > the pattern where only it accepts $ and @, I tried adding generally
> > like [@_$] not working
[...]
Is it my imagination, or does a password in which the only lower case
letter is at the beginning fail?
> Contrarily, a RegEx may be quite the wrong tool for the job. Partially
> because such expressions are difficult to understand - either someone
> else's code or my own from the proverbial six-months back(!); and
> partially here we're attempting to solve multiple problems in one go.
"[M]ay be quite"? You are far too kind, dn.
> If our ambitions include dreams of 'world domination', then we can
> extend exactly the same idea of "rule" to the other three routines!
> Whilst we 'start' with (say) the ASCII character definitions of a-z,
> we will *be able* to extend into accented characters such as "ô" -
> which really would promote us to take a rôle on the world-stage.
> (hah!)
If you're going to wander out of ASCII, then don't forget to address
Unicode confusables. Nothing is more embarrassing than scribbling your
complicated password on a sticky note and then not being able to tell
the o's from the ο's. ;-)
> If we're going to be nice to our users, from where do we express these
> "rules"? If the rule is hard-coded, then the user-advice must also be
> hard-coded - and what do we say about having 'the same code' in
> multiple locations? (see also "DRY principle"). How could one state
> "the rules" *once*, and in such a fashion that they can be used for UX
> output and a RegEx?
That's the beauty of a regular expression: it's both human and computer
readable. Just show the user the regular expression(s) you used. Oh,
wait. Sorry. Scratch that.
Thanks, dn, for saying all of that (including what I snipped) out loud.
More information about the Python-list
mailing list