How to do password validation with regex? [closed] - c#

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Conditions :
Passwords must have at least 8 characters, which combine the use of at least 2 of the following: upper and lower case letters, numbers, and special characters.
Which pattern can fit with conditions?

Regular expressions are the completely wrong approach for this. Instead simply count the number of occurrences of each character type and then simply use if statements and boolean logic to check if your requirements are met.
However, reconsider if what you want to do is a good idea:
Restricting the symbols is a horribly bad idea. Any character should be allowed
When the password has a certain length, requiring e.g. symbols/numbers/mixed-case loses lots of its purpose. Additionally an attacker cannot know if some user uses just lowercase chars or just digits in his password and thus he cannot tune a brute-force attack to use only those chars - and since you'll hopefully be throttling incorrect logins brute-force is not a good option anyway.
Imagine "correct horse battery staple" from the famous xkcd. While all those words are in a dictionary and might even fail an improperly implemented password check, it's very secure. While a single dictionary word is extremely insecure multiple of them will be easy to remember and secure (an attacker would have to try all e.g. 4-word combinations which are A DAMN LOT even with just a 1000 word dictionary).
So a much better password policy would:
Reject obviously bad sequences. That's consecutive digits like 12345 or 54321. qwertz, qwerty, etc. are also bad.
Reject any password that can be found in a dictionary as a whole. Make sure to use both an English dictionary and one for each language your site supports.
Reject any other password that is likely to be insecure. Contains the username (even if backwards)? Nope. Contains the part before the @ of the user's email address? Nope. Contains his birthdate? Nope.
Require at least 8 characters (as you already intend to do).
There's also an interesting post on the IT Security Stack Exchange site which you should read: Short complex password, or long dictionary passphrase?
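A sketch of the counting approach this answer describes, combined with its rejection rules. It is an added example, not code from the original answer; it assumes upper case, lower case, digits and other characters count as four separate classes, and the short sequence list, the account name and the e-mail address are constructed placeholders.

```csharp
using System;
using System.Linq;

static class PasswordPolicy
{
    // Constructed sample list; a real deployment loads full dictionaries
    // and a list of known-bad passwords instead.
    static readonly string[] BadSequences = { "12345", "54321", "qwerty", "qwertz" };

    // Returns null when the password is accepted, otherwise the rejection reason.
    public static string Check(string password, string userName, string email)
    {
        if (string.IsNullOrEmpty(password) || password.Length < 8)
            return "shorter than 8 characters";

        // Count character classes with boolean logic instead of a regex.
        int classes = 0;
        if (password.Any(char.IsUpper)) classes++;
        if (password.Any(char.IsLower)) classes++;
        if (password.Any(char.IsDigit)) classes++;
        if (password.Any(c => !char.IsLetterOrDigit(c))) classes++;
        if (classes < 2)
            return "fewer than 2 character classes";

        string lowered = password.ToLowerInvariant();
        foreach (string bad in BadSequences)
            if (lowered.Contains(bad))
                return "contains the common sequence " + bad;

        // Account-derived strings: user name, user name reversed, e-mail local part.
        string reversed = new string(userName.Reverse().ToArray());
        string localPart = email.Split('@')[0];
        foreach (string personal in new[] { userName, reversed, localPart })
            if (personal.Length >= 3 && lowered.Contains(personal.ToLowerInvariant()))
                return "contains account data";

        return null;
    }

    static void Main()
    {
        // Constructed account and candidate passwords.
        string[] candidates =
            { "abcdefgh", "Qwerty2024", "nosirrah-42", "correct horse battery staple" };
        foreach (string candidate in candidates)
            Console.WriteLine(candidate + " -> " +
                (Check(candidate, "harrison", "h.lee@example.com") ?? "accepted"));
    }
}
```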

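using System.Text.RegularExpressions;

// Requires a digit, a lowercase letter, an uppercase letter and one of @#$%.
string PASSWORD_PATTERN = "((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{8,20})";
string password = "Password#1#";
bool isValid = Regex.IsMatch(password, PASSWORD_PATTERN);
Try this.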

Related

If Statement not Working right [closed]

Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 6 years ago.
I need some help with some operators in the If statement...
I am running a code like this
    if (statement.Contains("weather") &&
        (
            statement.Contains("what") || statement.Contains("how")
        )
    )
    {
        statement = ("It's " + Weather.Get_Weather("condition") + " outside");
    }
but it's not working... can anyone help me with this, because I cannot find any mistake in this code and I don't even have that much experience with this type of operators like || and && because I can use If Statements inside If Statements.
And I want the statement to have Weather and What or How so I can confirm It's a Question, Or the user is asking for the weather...
You can Also gimme more ideas on this...
'how is the weather' this is not going through the If statement
it contains How and weather that's enough...
I am Really Sorry for my Question, It was My Problem I did not know that Contains() is Case-Sensitive...
Assuming the statement you're testing is actually 'How is the weather' then your if statement is working as expected. Your checks are seeing if the statement contains 'weather' and 'what' OR contains the word 'how' (note the lower case).
As your phrase doesn't contain the word 'what' the first check (for the words 'weather' AND 'what') will be false. Also, as the word 'How' starts with a capital 'H' it won't match against 'how', so will also return false and therefore not enter the if statement.
If you want your search to be case insensitive then you will need to consider the language as well, as words all in upper case in some languages mean different things to the same word in all lower case. Here's a similar question and answer, accepted answer detailed below for completeness:
To test if the string paragraph contains the string word (thanks @QuarterMeister):
culture.CompareInfo.IndexOf(paragraph, word, CompareOptions.IgnoreCase) >= 0
Where culture is the instance of CultureInfo describing the language
that the text is written in.
This solution is transparent about the definition of
case-insensitivity, which is language dependent. For example, the
English language uses the characters I and i for the upper and lower
case versions of the ninth letter, whereas the Turkish language uses
these characters for the eleventh and twelfth letters of its 29
letter-long alphabet. The Turkish upper case version of 'i' is the
unfamiliar character 'İ'.
Thus the strings tin and TIN are the same word in English, but
different words in Turkish. As I understand, one means 'spirit' and
the other is an onomatopoeia word. (Turks, please correct me if I'm
wrong, or suggest a better example)
To summarise, you can only answer the question 'are these two strings
the same but in different cases' if you know what language the text is
in. If you don't know, you'll have to take a punt. Given English's
hegemony in software, you should probably resort to
CultureInfo.InvariantCulture, because it'll be wrong in familiar ways.
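The check quoted above applied to the asker's sentence and to the tin/TIN pair, as an added example that is not part of the original answers. The class and method names are hypothetical, and the culture-specific results depend on the globalization data available on the machine.

```csharp
using System;
using System.Globalization;

static class CaseInsensitiveContains
{
    // Culture-aware test: the rules for "same letter, different case"
    // come from the CultureInfo that is passed in.
    public static bool Contains(string text, string word, CultureInfo culture) =>
        culture.CompareInfo.IndexOf(text, word, CompareOptions.IgnoreCase) >= 0;

    // Ordinal test: independent of the machine's culture settings, the usual
    // choice for identifiers, commands and other non-linguistic strings.
    public static bool ContainsOrdinal(string text, string word) =>
        text.IndexOf(word, StringComparison.OrdinalIgnoreCase) >= 0;

    static void Main()
    {
        string statement = "How is the weather"; // the sentence from the question
        CultureInfo[] cultures =
        {
            CultureInfo.InvariantCulture,
            new CultureInfo("en-US"),
            new CultureInfo("tr-TR"),
        };

        foreach (CultureInfo culture in cultures)
        {
            string name = culture.Name.Length == 0 ? "invariant" : culture.Name;
            Console.WriteLine(name
                + ": how in statement = " + Contains(statement, "how", culture)
                + ", tin in TIN = " + Contains("TIN", "tin", culture));
        }

        Console.WriteLine("ordinal: how in statement = " + ContainsOrdinal(statement, "how")
            + ", tin in TIN = " + ContainsOrdinal("TIN", "tin"));
    }
}
```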

C# Check if a string is a Sentence [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Basically I want to check if a String is a Sentence ("Hello, I am Me!") or Symbol Spam ("HH,,,{''{"), without using the number of symbols as a factor as much as possible. Right now it just detects based on a counter of symbols, but when someone says something with lots of punctuation, they get kicked.
Help?
If the number of symbols in the text is not sufficient, and you don't want to use something too fancy (or bought) could I suggest implementing one or more of these further steps (of increasing difficulty):
Make a count of all A-Za-z and space characters in the string and make a ratio of this to the count of symbols - so if they write a sentence then !!!!!!!!!!!!! at the end it still doesn't snag as the ratio is high enough.
If this still isn't discerning enough, add a further check if you pass item 1...
Count numbers of consecutive A-Za-z characters in the string - work out the average length of these 'words' - if the average is too short then it is probably spam.
These can be done in RegEx reasonably easily - If you want more sophistication then you have to use something written by someone else that has much more developed statistical methods (or start reading lexicographical university papers that are beyond me!)

Is it a bad idea to convert byte arrays to strings then parse with regular expressions? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Here's the scenario: I've been recently tasked to write a rs232 serial device communication interface for our existing application. This application has base classes in place to do the actual communication. Basically all I do is accept a byte array into my class then process it.
Part of the issue is that the byte array delivered can be no more than 1000 bytes at a time yet there could be more data waiting to come in that belongs to that transaction. So I have no idea if what was delivered to me is complete. What I am doing is converting that 1000 byte array into a string and stuffing it into a buffer. This buffer then runs a regex to see if what was added creates a complete transaction. I know it's complete if it matches a particular signature (basically a series of control codes at the beginning and end). This buffer will only append data up to 3 times before giving up if no match is found in case of garbage data coming in and no match is ever possible. This isn't a high data volume device so I don't expect tons of data to come pouring in constantly. And the regular expression is only ever executed on, at most, 3000 characters.
So far it works pretty good, but my question is are regular expressions terrible for this? Are there any ramifications in regards to performance for what I'm using them for? My understanding is that regular expressions are typically bad for large volumes of data but I feel this is quite small.
are regular expressions terrible for this?
On the contrary, regular expressions are great for matching patterns in data sequences.
Are there any ramifications in regards to performance for what I'm using them for?
Regular expressions can be written in really inefficient ways, but that is usually a problem with a particular regular expression, not with regular expressions as a technique.
My understanding is that regular expressions are typically bad for large volumes of data but I feel this is quite small.
There is no universal definition of "large" and "small". Depending on a regex engine, your expression is usually translated into a state machine described by the expression. These machines are really efficient at what they do, in which case the size of the data block can be very considerable. On the other hand, one could write a regex with a lot of backtracking, causing unacceptable performance even on input strings of a hundred characters or less.
Nothing about what you're doing is raising any red flags.
Some things to keep in mind
Don't preoccupy yourself with performance. Just design your program first, and optimize for performance afterwards, and do so only if you have a performance problem.
Some tasks are unsuitable for regular expressions. Regular expressions can't parse XML very well, and they also can't parse patterns like X^nY^n. Without knowing specifically what you're trying to match for with your regex, I can't really analyze whether it's suitable for your problem. Just be careful that you don't have any odd edge cases.
Regex being bad for large amounts of data is not something that I've heard before, and I've been looking around for it online, I'm still not finding much warning against it.
Normally, the most simple solution is the best one. If you can think of a more straightforward and simple solution to your problem, then go ahead with that. If not, then don't worry too much.
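The backtracking point made in the answers above can be checked, and bounded, with the match timeout that the .NET Regex constructor accepts. This is an added example, not code from the original posts; the two patterns and the 41-character input are constructed for illustration, and a timeout like this is a sensible guard whenever the matched data comes from an external device or user.

```csharp
using System;
using System.Diagnostics;
using System.Text.RegularExpressions;

static class RegexTimeoutDemo
{
    // Runs one match under a hard time limit and reports how it ended.
    public static string Probe(string pattern, string input, TimeSpan limit)
    {
        var regex = new Regex(pattern, RegexOptions.None, limit);
        var clock = Stopwatch.StartNew();
        try
        {
            bool matched = regex.IsMatch(input);
            return pattern + ": match=" + matched + " after " + clock.ElapsedMilliseconds + " ms";
        }
        catch (RegexMatchTimeoutException)
        {
            // The engine gave up instead of blocking the receiving thread.
            return pattern + ": aborted by timeout after " + clock.ElapsedMilliseconds + " ms";
        }
    }

    static void Main()
    {
        // Constructed input: 40 'a' characters followed by one character that cannot match.
        string input = new string('a', 40) + "!";
        TimeSpan limit = TimeSpan.FromMilliseconds(250);

        // Nested quantifier: a backtracking engine may try a huge number of ways
        // to split the run of 'a' characters before it can report failure.
        Console.WriteLine(Probe(@"^(a+)+$", input, limit));

        // Same language without the nesting: a single pass over the input.
        Console.WriteLine(Probe(@"^a+$", input, limit));
    }
}
```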

Encryption and Decryption of string without using Base64String [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
How to encrypt Decrypt text without using Base64String?
I don't want to use Base64String because encrypted text should not contain any special character like #, $, #, /, \, |,=,% ,^
Well the obvious approach if you don't want to use base64 is to use base16 - i.e. hex.
There are plenty of examples of converting between a byte array and a hex string representation on Stack Overflow. (BitConverter.ToString(data).Replace("-", "") is an inefficient way of performing the conversion to a string; there's nothing quite as simple for the reverse, but it's not much code.)
EDIT: As noted in comments, SoapHexBinary has a simple way of doing this. You may wish to wrap the use of that class in a less SOAP-specific type, of course :)
Of course that will use rather more space than base64. One alternative is to use base64, but using a different set of characters: find 65 characters you can use (the 65th is for padding) and encode it that way. (You may find there's a base64 library available which allows you to specify the characters to use, but if not it's pretty easy to write.)
Do not try to just use a normal Encoding - it's not appropriate for data which isn't fundamentally text.
EDIT: As noted in comments, you can use base32 as well. That can be case-insensitive (potentially handy) and you can avoid I/1 and O/0 for added clarity. It's harder to code and debug though.
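Both options from this answer, hex and base64 with a different character set, as an added example that is not part of the original answer. The substitute alphabet shown is the common URL-safe one ('-' and '_' with padding dropped), chosen here as an assumption; the sample bytes are constructed and stand in for ciphertext.

```csharp
using System;
using System.Globalization;
using System.Text;

static class TextSafeEncoding
{
    // Base16: two characters per byte, alphabet 0-9 and a-f only.
    public static string ToHex(byte[] data)
    {
        var text = new StringBuilder(data.Length * 2);
        foreach (byte b in data)
            text.Append(b.ToString("x2", CultureInfo.InvariantCulture));
        return text.ToString();
    }

    public static byte[] FromHex(string hex)
    {
        if (hex.Length % 2 != 0)
            throw new FormatException("Hex input must have an even length.");
        var data = new byte[hex.Length / 2];
        for (int i = 0; i < data.Length; i++)
            data[i] = byte.Parse(hex.Substring(2 * i, 2),
                NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture);
        return data;
    }

    // Base64 with '-' and '_' substituted for '+' and '/', and the '=' padding dropped.
    public static string ToBase64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static byte[] FromBase64Url(string text)
    {
        string standard = text.Replace('-', '+').Replace('_', '/');
        standard = standard.PadRight(standard.Length + (4 - standard.Length % 4) % 4, '=');
        return Convert.FromBase64String(standard);
    }

    static void Main()
    {
        // Constructed bytes; in plain base64 they produce '+', '/' and '='.
        byte[] cipher = { 0xfb, 0xef, 0xbe, 0xff, 0x3f, 0x00, 0x7f };
        string hex = ToHex(cipher), b64url = ToBase64Url(cipher);
        Console.WriteLine(Convert.ToBase64String(cipher) + " | " + hex + " | " + b64url);
        // Round trips: both decoders must give back the original bytes.
        Console.WriteLine(BitConverter.ToString(FromHex(hex)) == BitConverter.ToString(cipher));
        Console.WriteLine(BitConverter.ToString(FromBase64Url(b64url)) == BitConverter.ToString(cipher));
    }
}
```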
There's a great example in the MySQL Connector source code for the ASP.NET membership provider implementation. It may be a little hassle to download and research, but it has a well-established encryption and decryption module in there.
http://dev.mysql.com/downloads/connector/net/#downloads
Choose the 'source code' option before downloading.
If you want encoding/decoding for data transmission or condensed character storage, you should edit your question. Answers given to an encoding question will be much different than answers given to an encryption/decryption question.

What is a good regular expression for catching typos in an email address? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
This post was edited and submitted for review last year and failed to reopen the post:
Original close reason(s) were not resolved
When users create an account on my site I want to make server validation for emails to not accept every input.
I will send a confirmation, in a way to do a handshake validation.
I am looking for something simple, not the best, but not too simple that doesn't validate anything. I don't know where limitation must be, since any regular expression will not do the correct validation because it is not possible to do it with regular expressions.
I'm trying to limit the syntax and visual complexity inherent to regular expressions, because in this case any will be correct.
What regexp can I use to do that?
It's possible to write a regular expression that only accepts email addresses that follow the standards. However, there are some email addresses out there that don't strictly follow the standards, but still work.
Here are some simple regular expressions for basic validation:
Contains a @ character:
@
Contains @ and a period somewhere after it:
@.*?\.
Has at least one character before the @, before the period and after it:
.+@.+\..+
Has only one @, at least one character before the @, before the period and after it:
^[^@]+@[^@]+\.[^@]+$
User AmoebaMan17 suggests this modification to eliminate whitespace:
^[^@\s]+@[^@\s]+\.[^@\s]+$
And for accepting only one period [external edit: not recommended, does not match valid email addresses]:
^[^@\s]+@[^@\s\.]+\.[^@\.\s]+$
^\S+@\S+$
^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$
Only 1 @
Several domains and subdomains
I think this little tweak to the expression by AmoebaMan17 should stop the address from starting/ending with a dot and also stop multiple dots next to each other. Trying not to make it complex again whilst eliminating a common issue.
(?!.*\.\.)(^[^\.][^@\s]+@[^@\s]+\.[^@\s\.]+$)
It appears to be working (but I am no RegEx-pert). Fixes my issue with users copy&pasting email addresses from the end of sentences that terminate with a period.
i.e: Here's my new email address tabby@coolforcats.com.
Take your pick.
Here's the one that complies with RFC 2822 Section 3.4.1 ...
(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])
Just in case you are curious. :)
