using regex for password validation
dn
PythonList at DancesWithMice.info
Wed Dec 23 20:28:24 EST 2020
On 24/12/2020 12:20, 2QdxY4RzWzUUiLuE at potatochowder.com wrote:
> On 2020-12-24 at 11:41:15 +1300,
> dn via Python-list <python-list at python.org> wrote:
>> On 24/12/2020 06:03, Sadaka Technology wrote:
>>> hello guys,
>>>
>>> I have this pattern for password validation (regex):
>
> [...]
> Is it my imagination, or does a password in which the only lower case
> letter is at the beginning fail?
As mentioned, I don't use RegEx so-often and rely upon a crib-sheet.
What I could?should have added, is that there are many web-sites which
enable one to enter a RegEx and some sample data, for immediate
verification. Very handy!
>> Contrarily, a RegEx may be quite the wrong tool for the job. Partially
>> because such expressions are difficult to understand - either someone
>> else's code or my own from the proverbial six-months back(!); and
>> partially here we're attempting to solve multiple problems in one go.
>
> "[M]ay be quite"? You are far too kind, dn.
The people on this list often help me, so...
Whereas I prefer to use str.functions, others may have their own
opinion. To some degree it's one of those 'horses for courses'
situations - and as illustrated, if the specs are tightened a bit
further, it may well be that a 'minimum of two upper-case characters'
rule would be easier to check with a RegEx!
>> If our ambitions include dreams of 'world domination', then we can
>> extend exactly the same idea of "rule" to the other three routines!
>> Whilst we 'start' with (say) the ASCII character definitions of a-z,
>> we will *be able* to extend into accented characters such as "ô" -
>> which really would promote us to take a rôle on the world-stage.
>> (hah!)
>
> If you're going to wander out of ASCII, then don't forget to address
> Unicode confusables. Nothing is more embarrassing than scribbling your
> complicated password on a sticky note and then not being able to tell
> the o's from the ο's. ;-)
Ök!
>> If we're going to be nice to our users, from where do we express these
>> "rules"? If the rule is hard-coded, then the user-advice must also be
>> hard-coded - and what do we say about having 'the same code' in
>> multiple locations? (see also "DRY principle"). How could one state
>> "the rules" *once*, and in such a fashion that they can be used for UX
>> output and a RegEx?
>
> That's the beauty of a regular expression: it's both human and computer
> readable. Just show the user the regular expression(s) you used. Oh,
> wait. Sorry. Scratch that.
>
> Thanks, dn, for saying all of that (including what I snipped) out loud.
I've finished 'official work' for the year - compliments of the season!
--
Regards =dn
More information about the Python-list
mailing list