Thread: Define "Complexity" rules?

  1. #1

    Thread Starter
    PowerPoster
    Join Date
    Aug 2003
    Location
    Edinburgh, UK
    Posts
    2,773

    Define "Complexity" rules?

    Hi
    I'm trying to come up with something, which may or may not be possible, for defining a set of "rules" (defined by the user) for password complexity.

    I want to make sure that when a user creates a password, it will be passed through the user-defined complexity rules to see if it validates.

    How can one create such a complexity "engine" which is defined by the user?

    MVP 2007-2010 any chance of a regain?
    Professional Software Developer and Infrastructure Engineer.

  2. #2
    PowerPoster Evil_Giraffe's Avatar
    Join Date
    Aug 2002
    Location
    Suffolk, UK
    Posts
    2,555

    Re: Define "Complexity" rules?

    Generally these take the form of "Password must be at least X characters", "must contain at least Y letters", "must contain at least Z numeric characters", ...

    It should be fairly easy to define a class representing such a rule in that form. You need a predicate function that returns whether a given character matches the rule and a minimum number of characters that must match the predicate for the password to be valid.

  3. #3

    Thread Starter
    PowerPoster
    Join Date
    Aug 2003
    Location
    Edinburgh, UK
    Posts
    2,773

    Re: Define "Complexity" rules?

    Agreed, but I guess my question is difficult to put into words.

    Sure, us developers know about this. But what if the user wanted to come up with a rule something like "the password must contain their name"? Without having to redevelop to take this into consideration, there just wouldn't be a way, would there, of having such rules defined?


  4. #4
    PowerPoster Evil_Giraffe's Avatar
    Join Date
    Aug 2002
    Location
    Suffolk, UK
    Posts
    2,555

    Re: Define "Complexity" rules?

    For an arbitrary rule like that, it would be difficult. It would be possible, but by then you're defining a DSL for password rules, and you're almost asking the admins to become programmers in your new language. What sort of software is this for? If it's internally deployed (in-house or web-based), it would be simpler just to have programmers make a change to the code. If it's shrink-wrap or downloaded from the internet, that's not going to work, so you might look into allowing plug-ins, but since they have to operate on the password and thus have access to the password data, that's something of a security hole. (And doing it on the server side might not fly if your authentication protocol is a good one that doesn't rely on the server ever receiving the password in clear.)

    [Edit: <tl;dr> summary: sux to be you. ]

  5. #5

    Thread Starter
    PowerPoster
    Join Date
    Aug 2003
    Location
    Edinburgh, UK
    Posts
    2,773

    Re: Define "Complexity" rules?

    Hehe. No, it was just a question; it's part of a spec for a client.


  6. #6
    Angel of Code Niya's Avatar
    Join Date
    Nov 2011
    Posts
    9,017

    Re: Define "Complexity" rules?

    Perhaps you could create a declarative (something like CSS) scripting language to define validation. However, it's a complicated (or at least time-consuming) solution.
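
The rule shape described in post #2 (a per-character predicate plus a minimum match count), loaded from a declarative definition in the spirit of post #6, as an added example that is not code from any poster in this thread. The JSON layout, the class names in `CHAR_CLASSES` and the sample policy are assumptions made for illustration; a rule can only name a predicate from a fixed table, so a policy file never runs code against the password.

```python
import json
import string

# Fixed vocabulary of character classes (hypothetical names). A policy file can
# only pick one of these, so admin-defined rules are data, never executable code.
CHAR_CLASSES = {
    "any": lambda c: True,
    "letter": str.isalpha,
    "upper": str.isupper,
    "lower": str.islower,
    "digit": str.isdigit,
    "symbol": lambda c: c in string.punctuation,
}

class CountRule:
    """At least `minimum` characters of the password must match `predicate`."""
    def __init__(self, char_class, minimum, message):
        if char_class not in CHAR_CLASSES:
            raise ValueError(f"unknown character class: {char_class!r}")
        if type(minimum) is not int or minimum < 0:
            raise ValueError(f"minimum must be a non-negative integer: {minimum!r}")
        self.predicate = CHAR_CLASSES[char_class]
        self.minimum = minimum
        self.message = message

    def failed(self, password):
        return sum(1 for c in password if self.predicate(c)) < self.minimum

def load_policy(text):
    """Parse a JSON list of {"class", "min", "message"} objects into rules."""
    return [CountRule(r["class"], r["min"], r["message"]) for r in json.loads(text)]

def check(password, rules):
    """Return the message of every failed rule; an empty list means valid."""
    return [r.message for r in rules if r.failed(password)]

# Constructed sample policy, as an administrator might store it.
SAMPLE_POLICY = """[
  {"class": "any",    "min": 10, "message": "at least 10 characters"},
  {"class": "letter", "min": 4,  "message": "at least 4 letters"},
  {"class": "digit",  "min": 2,  "message": "at least 2 numeric characters"}
]"""

if __name__ == "__main__":
    rules = load_policy(SAMPLE_POLICY)
    for candidate in ("hunter2", "correct7horse9"):  # constructed test inputs
        print(candidate, "->", check(candidate, rules) or "ok")
```

A rule that needs context beyond the password itself, such as the "their name" case from post #3, does not fit this per-character shape and would need a new rule type added in code.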
