-
Feb 6th, 2012, 05:33 AM
#1
Thread Starter
PowerPoster
Define "Complexity" rules?
Hi
I'm trying to come up with something, which may or may not be possible, on defining a set of "rules" (defined by the user) for a password complexity rule.
I want to make sure that when a user creates a password, it will be passed through the user-defined complexity rules to see if they validate.
How can one create such a complexity "engine" which is defined by the user?
-
Feb 6th, 2012, 06:28 PM
#2
Re: Define "Complexity" rules?
Generally these take the form of "Password must be at least X characters", "must contain at least Y letters", "must contain at least Z numeric characters", ...
It should be fairly easy to define a class representing such a rule in that form. You need a predicate function that returns whether a given character matches the rule and a minimum number of characters that must match the predicate for the password to be valid.
-
Feb 6th, 2012, 06:31 PM
#3
Thread Starter
PowerPoster
Re: Define "Complexity" rules?
Agreed, but I guess my question is difficult to put into words.
Sure, we developers know about this. But what if the user wanted to come up with a rule something like "the password must contain their name"? Without having to redevelop to take this into consideration, there just wouldn't be a way, would there, of having such rules defined?
-
Feb 6th, 2012, 06:40 PM
#4
Re: Define "Complexity" rules?
For an arbitrary rule like that, it would be difficult. It would be possible, but by then you're defining a DSL for password rules, and you're almost asking the admins to become programmers in your new language. What sort of software is this for? If it's internally deployed (in-house or web-based), it would be simpler just to have programmers make a change to the code. If it's shrink-wrap or downloaded from the internet, that's not going to work, so you might look into allowing plug-ins, but since they have to operate on the password and thus have access to the password data, that's something of a security hole. (And doing it on the server side might not fly if your authentication protocol is a good one that doesn't rely on the server ever receiving the password in clear.)
[Edit: <tl;dr> summary: sux to be you. ]
-
Feb 7th, 2012, 02:55 AM
#5
Thread Starter
PowerPoster
Re: Define "Complexity" rules?
Hehe. No, it was just a question; it's part of a spec for a client.
-
Feb 10th, 2012, 09:57 AM
#6
Re: Define "Complexity" rules?
Perhaps you could create a declarative (something like CSS) scripting language to define validation. However, it's a complicated (or at least time-consuming) solution.
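The rule shape from reply #2 (a per-character predicate plus a minimum match count), driven by a declarative rule list in the spirit of reply #6, as an added example that is not part of the original thread. The JSON keys `match` and `min`, the predicate names, and the sample policy are assumptions made for this sketch; it covers count-based rules only, not arbitrary rules like the one in reply #3.

```python
import json
from dataclasses import dataclass
from typing import Callable

# Predicate names an admin may reference (names are assumptions for this example).
PREDICATES = {
    "any": lambda ch: True,
    "letter": str.isalpha,
    "upper": str.isupper,
    "lower": str.islower,
    "digit": str.isdigit,
    "symbol": lambda ch: not ch.isalnum() and not ch.isspace(),
}

@dataclass(frozen=True)
class Rule:
    label: str
    predicate: Callable[[str], bool]
    minimum: int

    def check(self, password: str) -> bool:
        # Count characters matching the predicate and compare with the minimum.
        return sum(1 for ch in password if self.predicate(ch)) >= self.minimum

def load_rules(policy_json: str) -> list:
    """Build rules from admin-supplied JSON. Only whitelisted predicate names
    are accepted, so the policy is data and never executed as code."""
    rules = []
    for entry in json.loads(policy_json):
        kind, minimum = entry.get("match"), entry.get("min")
        if kind not in PREDICATES:
            raise ValueError(f"unknown predicate: {kind!r}")
        if type(minimum) is not int or minimum < 0:
            raise ValueError(f"bad minimum for {kind!r}: {minimum!r}")
        rules.append(Rule(f"at least {minimum} x {kind}", PREDICATES[kind], minimum))
    return rules

def failed_rules(password: str, rules: list) -> list:
    """Return the labels of every rule the password does not satisfy."""
    return [r.label for r in rules if not r.check(password)]

# Constructed sample policy and candidate passwords, for illustration only.
SAMPLE_POLICY = """[{"match": "any", "min": 10}, {"match": "letter", "min": 4},
                    {"match": "digit", "min": 2}, {"match": "symbol", "min": 1}]"""

if __name__ == "__main__":
    for candidate in ("hunter2", "c0rrect-h0rse-battery"):
        print(candidate, "->", failed_rules(candidate, load_rules(SAMPLE_POLICY)) or "ok")
```

Because the policy only selects from a fixed set of predicates, an administrator can change the rules without the validator ever running administrator-supplied code against the password.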