Evaluate my regex pleeze?
05-05-2008, 01:24 AM
I guess I just assumed there, about the alphanumerical passwords. It hadn't crossed my mind that <:*h*&*k*:??> might be a stronger password than "hellokitty", but as usual somebody else has thought of what I haven't.
Just updated my authentication class to allow for this.
Though I wouldn't say using a regular expression still isn't a bad idea to disallow certain things. Perhaps ~[\t\n\r\f\v[:cntrl:]]+~ might be a start?
This kind of makes me re-evaluate my basic sanitization routine too... I have it right now so that it strips anything off the ends that looks like the user is trying to do a basic SQL injection (such as comment characters) and changes anything that looks like HTML to their entities (specifically <script> etc). I want my scripts to be secure, but not at the cost of usability.
edit: let me rephrase that last bit; I want my code to be secure AND usable.
Find More Posts by delayedinsanity
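
An added example, not part of the original post: the control-character pattern quoted above used to reject a password rather than rewrite it, followed by a check that entity-encoding a password before hashing changes what gets stored. The function name and the 8-byte minimum are assumptions; password_hash() and password_verify() require PHP 5.5 or later.

```php
<?php
// Added example; function names and the minimum length are assumptions.

// Pattern from the post. [:cntrl:] already includes \t \n \r \f \v;
// the explicit escapes are kept so the pattern matches the one quoted.
const CONTROL_CHARS = '~[\t\n\r\f\v[:cntrl:]]+~';

// Returns null if the password is acceptable, otherwise the reason.
// The password is only ever accepted or rejected, never modified.
function password_problem(string $password, int $minLength = 8): ?string
{
    if (preg_match(CONTROL_CHARS, $password) === 1) {
        return 'contains control characters';
    }
    if (strlen($password) < $minLength) {
        return 'shorter than ' . $minLength . ' bytes';
    }
    return null;
}

// Constructed sample inputs.
$samples = [
    '<:*h*&*k*:??>',      // punctuation-heavy, accepted
    'hellokitty',         // alphanumeric, accepted
    "hello\tkitty",       // embedded tab, rejected
    "hellokitty\x00",     // trailing NUL byte, rejected
    'abc',                // too short, rejected
];

foreach ($samples as $pw) {
    $problem = password_problem($pw);
    // addcslashes makes the control bytes visible in the output.
    printf("%-18s %s\n", addcslashes($pw, "\0..\37"), $problem ?? 'ok');
}

// Store a hash of the exact bytes the user typed. Entity-encoding first
// would hash a different string than the one the user will type at login.
$typed = '<:*h*&*k*:??>';
$hash  = password_hash($typed, PASSWORD_DEFAULT);
var_dump(password_verify($typed, $hash));                    // same bytes
var_dump(password_verify(htmlspecialchars($typed), $hash));  // altered bytes
```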