Ensuring Proper Password Format

Ensuring Proper Password Format
If you're asking your users to submit a password of 6-12 characters, you want to make sure it is done properly and without any special characters which could compromise your system.

To do this, you would want to use regular expressions. Be sure to read the articles on this site that explain how regular expressions work if you have not used them before.

The code would look like this:

NewPass = request("newpass")
Dim RegEx
Set RegEx = New regexp
RegEx.Pattern = "^[A-Za-z0-9]{6,12}$"
RegEx.Global = True
RegEx.IgnoreCase = True

if RegEx.Test(NewPass) = FALSE then response.redirect("error.asp")
Set RegEx = NOTHING

That ensures that the user-submitted password is 6-12 characters long and is made up solely of letters and numbers - no special characters like ; or ' that might jeopardize your database security.

Note that you need the ^ at the beginning and $ at the end. That ensures that the entire pattern matches - from the very beginning to the very end of the string.

Be sure to use input checks not only on your passwords, but on anything the user submits that then gets sent along to a database query!




RSS
Related Articles
Editor's Picks Articles
Top Ten Articles
Previous Features
Site Map





Content copyright © 2018 by Lisa Shea. All rights reserved.
This content was written by Lisa Shea. If you wish to use this content in any manner, you need written permission. Contact Lisa Shea for details.