✅ – _mercury – 05-25 May 9

_mercury · 2024-05-09T05:25:11.521Z

what is wrong with that regex ?

_mercury•3mo ago

always i get the error although the password should be good

_mercury•3mo ago

_mercury•3mo ago

using mantine/form pkg

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

!val.match(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,50}$/) yes edited it and i works ... hope no underlying quirks why not check the regex of password to save a request to the server ?

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

for non-malicious user what is the problem ?

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

for simplicity but i will improve it

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

for me

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

i am wrong so i will improve it u r right

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

i did it 8-50 chars

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

why ?

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

what if somebody send 10k chars of password ? it will consume the server

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

my server would be consumed

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

to hash this long string it will take long time to hash 10 k text

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

argon2 ok good to know but still not convinced Sorry why not giving stupid user the passeord should be like that ( upper -lower - ... etc ) ?

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

befofre sending invalid req will remove it also it is 250 varchar in postgres .. ithink enough ? right ?

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

will make it text for safety instead of varchar

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

i just save invalid req to the server this is the actual reqson and to give a hint

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

so how the user know how the password should be ?

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

what if somebody think that sara12345 is good

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

but that will send a request

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

and the server validation will refuse it is unsecure passsword and it will be rejected

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

i will add special chars

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

but how the user know that the server require Upper -lower- special char - digit ?

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

mmm Ok still do not understand why giving the user a hint there is no cost for that on the frontend saving an invalid req why this is pointless not all uses are aware of constraints

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

yes i am speaking about the constraints i am not doing it to make password secure I just prevent a req that the server for sure will refuse

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

i own it

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

Oh why ?

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

somebody could add password like aaaaaaaaaa i see gmail and others do not accept that

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

even it is a user fault Aaaaaaaaaaa1$ i told you i will accept the special chars

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

first time to listen to something like that tbh --with respect

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

do you know the principle ( security in depth )? as a paranoid , i will let it like that even poitless

Unknown User•3mo ago

Message Not Public

Sign In & Join Server To View

_mercury•3mo ago

i respect your help

reactibot•3mo ago

This question has an answer! Thank you for helping 😄 If you have a followup question, you may want to reply to this thread so other members know they're related. https://discord.com/channels/102860784329052160/565213527673929729/1237998786140442654