Is it reasonable to use the following reg. password expression?

K

khomaldi2018-12-13 13:12:08

JavaScript

khomaldi, 2018-12-13 13:12:08

Hello. I want to give the user the ability to enter any characters for the password other than a space. I use the following reg. expression . Please tell me how safe it is (what if he introduces something tricky there?) And if it is unsafe, then what reg. expression to use for such purpose? /^[\S]{8,72}$/

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Saboteur, 2018-12-13
@saboteur_kiev

Taken from the recommendations of the Mozilla developers ( https://developer.mozilla.org/en-US/docs/Web/JavaS... )

function escapeRegExp(string){
  return string.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); // $& means the whole matched string
}

J

jsmittie, 2019-08-11
@jsmittie

The user will not be able to enter something like that if unsafe characters are escaped on the backend. :)
The specified regular expression for the password is not very good, because this pattern can be used to enter an unsafe password, for example 123456789
Something more secure and banal is better - at least one number, at least one lowercase letter and one capital letter.