_mercury
_mercury3w ago

✅ – _mercury – 05-25 May 9

what is wrong with that regex ?
No description
Solution:
i will add my barriers to strengths the pass a bit
Jump to solution
65 Replies
_mercury
_mercury3w ago
always i get the error although the password should be good
_mercury
_mercury3w ago
No description
_mercury
_mercury3w ago
No description
_mercury
_mercury3w ago
using mantine/form pkg
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
!val.match(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,50}$/) yes edited it and i works ... hope no underlying quirks why not check the regex of password to save a request to the server ?
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
for non-malicious user what is the problem ?
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
for simplicity but i will improve it
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
for me
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
i am wrong so i will improve it u r right
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
i did it 8-50 chars
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
why ?
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
what if somebody send 10k chars of password ? it will consume the server
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
my server would be consumed
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
to hash this long string it will take long time to hash 10 k text
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
argon2 ok good to know but still not convinced Sorry why not giving stupid user the passeord should be like that ( upper -lower - ... etc ) ?
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
befofre sending invalid req will remove it also it is 250 varchar in postgres .. ithink enough ? right ?
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
will make it text for safety instead of varchar
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
i just save invalid req to the server this is the actual reqson and to give a hint
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
so how the user know how the password should be ?
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
what if somebody think that sara12345 is good
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
but that will send a request
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
and the server validation will refuse it is unsecure passsword and it will be rejected
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
i will add special chars
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
but how the user know that the server require Upper -lower- special char - digit ?
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
mmm Ok still do not understand why giving the user a hint there is no cost for that on the frontend saving an invalid req why this is pointless not all uses are aware of constraints
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
yes i am speaking about the constraints i am not doing it to make password secure I just prevent a req that the server for sure will refuse
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
i own it
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
Oh why ?
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
somebody could add password like aaaaaaaaaa i see gmail and others do not accept that
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
even it is a user fault Aaaaaaaaaaa1$ i told you i will accept the special chars
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
first time to listen to something like that tbh --with respect
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
Solution
_mercury
_mercury3w ago
i will add my barriers to strengths the pass a bit
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
do you know the principle ( security in depth )? as a paranoid , i will let it like that even poitless
Unknown User
Unknown User3w ago
Message Not Public
Sign In & Join Server To View
_mercury
_mercury3w ago
i respect your help
reactibot
reactibot3w ago
This question has an answer! Thank you for helping 😄 If you have a followup question, you may want to reply to this thread so other members know they're related. https://discord.com/channels/102860784329052160/565213527673929729/1237998786140442654