✅ – _mercury – 05-25 May 9

what is wrong with that regex ?
No description
Solution:
i will add my barriers to strengths the pass a bit
Jump to solution
65 Replies
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
always i get the error although the password should be good
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
No description
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
No description
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
using mantine/form pkg
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
!val.match(/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,50}$/) yes edited it and i works ... hope no underlying quirks why not check the regex of password to save a request to the server ?
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
for non-malicious user what is the problem ?
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
for simplicity but i will improve it
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
for me
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
i am wrong so i will improve it u r right
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
i did it 8-50 chars
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
why ?
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
what if somebody send 10k chars of password ? it will consume the server
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
my server would be consumed
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
to hash this long string it will take long time to hash 10 k text
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
argon2 ok good to know but still not convinced Sorry why not giving stupid user the passeord should be like that ( upper -lower - ... etc ) ?
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
befofre sending invalid req will remove it also it is 250 varchar in postgres .. ithink enough ? right ?
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
will make it text for safety instead of varchar
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
i just save invalid req to the server this is the actual reqson and to give a hint
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
so how the user know how the password should be ?
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
what if somebody think that sara12345 is good
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
but that will send a request
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
and the server validation will refuse it is unsecure passsword and it will be rejected
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
i will add special chars
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
but how the user know that the server require Upper -lower- special char - digit ?
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
mmm Ok still do not understand why giving the user a hint there is no cost for that on the frontend saving an invalid req why this is pointless not all uses are aware of constraints
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
yes i am speaking about the constraints i am not doing it to make password secure I just prevent a req that the server for sure will refuse
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
i own it
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
Oh why ?
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
somebody could add password like aaaaaaaaaa i see gmail and others do not accept that
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
even it is a user fault Aaaaaaaaaaa1$ i told you i will accept the special chars
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
first time to listen to something like that tbh --with respect
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
Solution
_mercury 🇵🇸
i will add my barriers to strengths the pass a bit
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
do you know the principle ( security in depth )? as a paranoid , i will let it like that even poitless
Unknown User
Unknown User8mo ago
Message Not Public
Sign In & Join Server To View
_mercury 🇵🇸
_mercury 🇵🇸OP8mo ago
i respect your help
reactibot
reactibot8mo ago
This question has an answer! Thank you for helping 😄 If you have a followup question, you may want to reply to this thread so other members know they're related. https://discord.com/channels/102860784329052160/565213527673929729/1237998786140442654