  1. #1
    New Coder
    Join Date
    Jan 2009
    Posts
    34
    Thanks
    4
    Thanked 0 Times in 0 Posts

    Help-To check and alert if the first character is a special character

    Hi All,

    I have an HTML form which takes some values including a password field. I have a JS function to check and alert when a user enters some particular special characters (this is because only these characters are not allowed in the back end of the HTML form; all the other special characters are allowed). Following is the code for it.

    Code:
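    function checklen()
    {
      // Characters the back end does not accept.
      var iChars = "`<>";
      // Read the field once. The original mixed "password" and "passwd";
      // the name used here must match the name of the form's input element.
      var pw = document.ipform.password.value;

      for (var i = 0; i < pw.length; i++) {
        if (iChars.indexOf(pw.charAt(i)) != -1) {
          alert ("Your password has some special characters. \nwhich are not allowed.\n Please remove them and try again.");
          return false; // stop form submission
        }
      }
      return true; // no disallowed character found
    }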
    Now I want a feature which doesn't allow the user to enter an uppercase letter or a special character (only these are allowed: ~@#$%^&*()-_+|\) as the first character of the password field. Since I am a newbie to JS, it would be a great help if someone could help me to sort this out.

  • #2
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,318
    Thanks
    203
    Thanked 2,566 Times in 2,544 Posts
    I would simplify this and say that only lower case letters (why?) and digits may appear as the first character of the password field. In fact, it would avoid possible complications if all special characters were disallowed. The extra security offered by allowing special characters in a password is countered by just one more character in the password. In other words, a password of 8 alpha characters and digits is (in theory) more secure than one of 7 characters including special ones.

    function testpw() {
    var password = "Axxxxxx";

    if (/^[^a-z0-9]/.test(password)) { // only a-z0-9 allowed as first character
    alert ("The password begins with an invalid character");
    return false;
    }
    else {
    alert ("The password is valid");
    }

    }

    "Some people, when confronted with a problem, think 'I know, I'll use regular expressions.' Now they have two problems." — Jamie Zawinski.

  • Users who have thanked Philip M for this post:

    aniwebapp (05-22-2009)

  • #3
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    27,700
    Thanks
    80
    Thanked 4,658 Times in 4,620 Posts
    I'm just curious why you would exclude upper case letters from the first character, no matter what else.

    Or why you don't allow a special character there.

    I do agree w/ Philip re the advantage of length over content.

    Let's see... you are allowing 15 different special characters there. So *if* all characters (upper and lower case alpha, digits, those 15 characters) are allowed in all positions, there are 77 possible characters, and so in 7 positions there are 66^7 combos or 16,048,523,266,853 possible passwords. Take the special characters away but insist on 8 characters and you have 62^8 combos or 218,340,105,584,896. So clearly the 8 alphanum only is superior.

    But whatever rules you want, you can express them with a regexp. Or maybe 2 or 3 if the rules are complex enough.

  • #4
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,318
    Thanks
    203
    Thanked 2,566 Times in 2,544 Posts
    In my opinion passwords which are impossible to remember are LESS secure as the user is bound to write the password down on a bit of paper located under the mousemat.

    I think that the best passwords are quite long but made up of concatenated words of the language which would not be associated in normal usage:-

    purplestarling
    quondamoldpedant
    mostuglyfirefox

    which of course can be remembered. Although they are made up of words there is no risk of a dictionary attack. In fact I follow this system myself but with the refinement that the words I use are in a foreign language.

    Another aspect is the appropriateness of complicated passwords in the particular context. There is a world of difference between a password required to access a bank account etc. and a password to access a game or CodingForums.com. If CF insisted on elaborate passwords with complicated rules about which characters might appear where, it would be completely OTT.

  • #5
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Quote: Originally posted by Philip M
    In my opinion passwords which are impossible to remember are LESS secure as the user is bound to write the password down on a bit of paper located under the mousemat.

    I think that the best passwords are quite long but made up of concatenated words of the language which would not be associated in normal usage:-

    purplestarling
    quondamoldpedant
    mostuglyfirefox

    which of course can be remembered. Although they are made up of words there is no risk of a dictionary attack. In fact I follow this system myself but with the refinement that the words I use are in a foreign language.

    How? Someone could use a hybrid dictionary attack. Granted, one of these attacks usually appends numbers or puts them within dictionary words, but there is nothing stopping them from appending words to words.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #6
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,318
    Thanks
    203
    Thanked 2,566 Times in 2,544 Posts
    I don't believe that is possible in the real world.

    There are many thousands - in fact a million or more - words in the English language, so combinations increase exponentially. And why should the hacker guess that the password is so created - he must still try all the other zillions of possibilities. A word with numbers embedded in it must be highly secure - aero7sp52ace must be virtually uncrackable.

    Another factor is that the bot must not only hit on the right word but test that it is the right word, i.e. attempt to gain access using it. This must take appreciable time. Many systems only allow a limited number of password tries.

    As I say, there is a world of difference between banking/military situations and everyday passwords. Who will want to devote massive effort and years of computing time to find out my password to CF?
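
The rules and counts discussed in this thread, as an added example that is not part of any post: `checkPassword` applies the back-end character ban from post #1 with the first-character rule as simplified in post #2, and `keyspace` reproduces the counts from post #3 and shows what the first-character rule costs. The function names, the `minLength` parameter and the assumption that passphrase words are picked independently from a one-million-word list (the figure in post #6) are illustrative.

```javascript
// Added example, not code from any post in this thread. All names are assumptions.
const LOWER = "abcdefghijklmnopqrstuvwxyz";
const UPPER = LOWER.toUpperCase();
const DIGITS = "0123456789";
const SPECIAL = "~@#$%^&*()-_+|\\"; // the 15 specials listed in post #1
const FORBIDDEN = "`<>";            // rejected by the back end, per post #1
const ALNUM = LOWER + UPPER + DIGITS;
const ALL = ALNUM + SPECIAL;        // 77 characters, as counted in post #3

// Returns the list of rule violations; an empty list means the password passes.
function checkPassword(pw, minLength) {
  const problems = [];
  if (pw.length < minLength) problems.push("too short");
  if ([...pw].some((ch) => FORBIDDEN.includes(ch))) problems.push("forbidden character");
  // First character: lower-case letter or digit only (post #2's simplification).
  if (pw.length > 0 && !(LOWER + DIGITS).includes(pw[0])) problems.push("bad first character");
  return problems;
}

// Number of distinct passwords when position i may use any character of alphabets[i].
// BigInt keeps the counts exact beyond Number.MAX_SAFE_INTEGER.
function keyspace(alphabets) {
  return alphabets.reduce((n, a) => n * BigInt(new Set(a).size), 1n);
}

// Passphrase of `count` words, each drawn independently from `listSize` words.
function passphraseKeyspace(listSize, count) {
  return BigInt(listSize) ** BigInt(count);
}

const any7 = keyspace(Array(7).fill(ALL));      // 7 positions, all 77 characters
const alnum8 = keyspace(Array(8).fill(ALNUM));  // 8 positions, letters and digits
// Same 7 positions, but the first one limited to lower case and digits.
const restricted7 = keyspace([LOWER + DIGITS, ...Array(6).fill(ALL)]);

console.log({ any7, alnum8, restricted7 });
console.log({ twoWords: passphraseKeyspace(1000000, 2), threeWords: passphraseKeyspace(1000000, 3) });
console.log(checkPassword("Axxxxxx", 7), checkPassword("a<xxxxx", 7), checkPassword("a~xxxxx", 7));
```

A script in the browser can be bypassed, so the same `checkPassword` rules have to be enforced again by the back end that receives the form.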

