First, please use the white list not the black list in the regex. Second, please validate the length of the input data.

/^[\d\w]+$/i

2009/9/20 Eric <[email protected]>
>
> I'd think the easiest way to allow people to use whatever characters
> they want would be not to use validates_format_of at all.
>
> -eric
>
> On Sep 19, 7:06 am, Marnen Laibow-Koser <rails-mailing-l...@andreas-s.net> wrote:
> > RubyonRails_newbie wrote:
> > > Hi there,
> > >
> > > I am trying to make every effort in making the registration process as
> > > secure as possible.
> > >
> > > One way of this, I was told, was to ensure that a user registering on
> > > the site MUST enter a password that is encrypted in the database
> > > (done) and to ensure they enter an alphanumeric password.
> >
> > If you want security, then don't restrict users to alphanumeric
> > passwords. It's harder to guess passwords if they also contain
> > punctuation marks.
> >
> > > in my user.rb file I have various rules of validation, such as
> > > password length, email address validation etc.
> > >
> > > I want to make sure users enter an alphanumeric password. So far I
> > > have this:
> > >
> > > validates_format_of :password,
> > >                     :with => /^[\w\.\-\+]+$/,
> > >                     :message => "must contain alpha and numeric characters!"
> > >
> > > However, I can still enter just numerics if I want...
> > >
> > > the above validates_format_of rule was taken from this site:
> > > http://guides.rubyonrails.org/security.html#good-passwords
> > >
> > > if I leave the password blank, the message ''must contain alpha and
> > > numeric characters!'' does get output on the site, but isn't working
> > > as I want...
> > >
> > > Any ideas????
> >
> > You'll need a custom validation routine for this. A single regex will
> > not be sufficient.
> >
> > > Thanks for your help!!
> >
> > Best,
> > --
> > Marnen Laibow-Koser
> > http://www.marnen.org
> > [email protected]
> > --
> > Posted via http://www.ruby-forum.com/.
--
Code our future
Name : Wang Pengcheng
Nick : QJGui
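
The custom validation routine the quoted reply calls for, sketched as an added example in plain Ruby (not code from this thread or from Rails): it combines the length check and allow-list from the top reply with separate letter and digit checks, and anchors with \A and \z because Ruby's ^ and $ match per line rather than per string. The names `password_errors`, `LINE_ANCHORED`, `STRING_ANCHORED`, `MIN_LENGTH`, `MAX_LENGTH` and the limit values are assumptions.

```ruby
# Added example in plain Ruby (no Rails); names and limits are assumptions.
MIN_LENGTH = 8   # assumed policy value, not from the thread
MAX_LENGTH = 72  # assumed upper bound, not from the thread

# The regex quoted in the thread. In Ruby, ^ and $ anchor to each line,
# so one matching line is enough for the whole string to pass.
LINE_ANCHORED = /^[\w\.\-\+]+$/

# Same character allow-list, anchored to the whole string with \A and \z.
STRING_ANCHORED = /\A[\w.+-]+\z/

# Returns a list of error messages; an empty list means the password passed.
# Each rule is a separate check, since one character-class regex cannot
# express "at least one letter AND at least one digit".
def password_errors(password)
  pw = password.to_s
  errors = []
  errors << "is too short" if pw.length < MIN_LENGTH
  errors << "is too long" if pw.length > MAX_LENGTH
  errors << "contains characters outside the allowed set" unless pw.match?(STRING_ANCHORED)
  errors << "must contain a letter" unless pw.match?(/[A-Za-z]/)
  errors << "must contain a digit" unless pw.match?(/\d/)
  errors
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: digits only, valid, multi-line, empty.
  ["12345678", "abc12345", "abc12345\n!!!", ""].each do |sample|
    puts "#{sample.inspect}: #{password_errors(sample).inspect}"
  end
end
```

In a Rails model the same checks would sit in a custom validation method that adds each message to the record's errors.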

