RubyonRails_newbie wrote:
> Hi there,
> 
> I am trying to make every effort in making the registration process as
> secure as possible.
> 
> One way of doing this, I was told, was to ensure that a user registering on
> the site MUST enter a password that is encrypted in the database
> (done) and to ensure they enter an alphanumeric password.

If you want security, then don't restrict users to alphanumeric 
passwords.  It's harder to guess passwords if they also contain 
punctuation marks.

> 
> 
> In my user.rb file I have various rules of validation, such as
> password length, email address validation etc.
> 
> I want to make sure users enter an alphanumeric password. So far I
> have this:
> 
> validates_format_of :password,
>                       :with => /^[\w\.\-\+]+$/,
>                       :message => "must contain alpha and numeric characters!"
> 
> However, I can still enter just numerics if I want...
> 
> The above validates_format_of rule was taken from this site:
> http://guides.rubyonrails.org/security.html#good-passwords
> 
> If I leave the password blank, the message "must contain alpha and
> numeric characters!" does get output on the site, but it isn't working
> as I want...
> 
> Any ideas????

You'll need a custom validation routine for this.  A single regex will 
not be sufficient.

> 
> Thanks for your help!!

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
[email protected]
-- 
Posted via http://www.ruby-forum.com/.
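
A sketch of the kind of custom validation routine the reply refers to, added here as an example and not part of the original thread. It is plain Ruby so it runs without Rails; the names `password_format_errors` and `ORIGINAL_FORMAT` and the `MIN_LENGTH` value are assumptions made for illustration.

```ruby
# Added example: plain Ruby, no Rails required. Names below are hypothetical.

# The pattern from the question. It only restricts the character set, so it
# cannot require that both a letter and a digit are present.
ORIGINAL_FORMAT = /^[\w\.\-\+]+$/

MIN_LENGTH = 8 # assumed minimum; the thread does not state one

# Returns an array of error messages; empty means the password is acceptable.
# Punctuation is allowed, following the reply's advice not to forbid it.
def password_format_errors(password)
  password = password.to_s
  errors = []
  errors << "can't be blank" if password.empty?
  errors << "is too short (minimum is #{MIN_LENGTH} characters)" if password.length < MIN_LENGTH
  errors << "must contain at least one letter" unless password.match?(/[[:alpha:]]/)
  errors << "must contain at least one digit" unless password.match?(/[[:digit:]]/)
  # \A and \z anchor the whole string; in Ruby, ^ and $ anchor each line.
  errors << "must not contain control characters" unless password.match?(/\A[[:print:]]*\z/)
  errors
end

# In a Rails model this could be wired up as (assumed usage, not from the thread):
#   validate :password_must_mix_letters_and_digits
#   def password_must_mix_letters_and_digits
#     password_format_errors(password).each { |msg| errors.add(:password, msg) }
#   end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ["12345678", "abcdefgh", "abc12345", "abc-123+xyz!", "abc12345\n<x>"].each do |pw|
    puts "#{pw.inspect}: original_regex=#{pw.match?(ORIGINAL_FORMAT)} " \
         "errors=#{password_format_errors(pw).inspect}"
  end
end
```

The last sample shows a second weakness of the original pattern: because `^` and `$` match at line boundaries, a value with an embedded newline passes it as long as one line fits the character set.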
