What's the use of Deterministic Regular Expressions?

Stand back! I don't understand regular expressions

How do I use regular expressions to express "at least one of each of these, but not necessarily in this order"? I'm working on setting password verification for a website (ASP .NET, if it matters), but I can't wrap my head around the regex. I've never been that great at regular expressions, but this has me boggled. I roughly understand the "one or more" part, and how to define letters, numbers, and special characters, but how to combine them? Here are the rules: The password must contain at least one lower-case letter, at least one capital letter, at least one number (0-9), and at least one special character (!@#$%^&*). No whitespace allowed. It must be at least 8 letters It must have a special character in the first 7 positions The first and last characters can not be numbers. It can't contain the user's username (probably easier to make this a separate validation). The first one is the one where I get really stumped. So what's the prognosis, Hivemind? Is it possible to evaluate all of this in one regex, or should I just do one validation for each requirement?
Answer:

Look into using something like (?=\w*[a-z]) to check for at least one lower case letter; you can string these (?=) statements together and they will be position independent (eg, (?=\w*[a-z])(?=\w*[A-Z]) will make sure there is at least one lower case and upper case letter, regardless of order). So you should be able to cut this down to one or two regex statements. However, while that might be fun, please don't do it in actual practice. Make a separate regex for each condition, with line breaks and a comment describing each one.

specialagentwebb at Ask.Metafilter.Com Visit the source

Was this solution helpful to you?

Other answers

I know this doesn't exactly answer the question but I feel rather strongly that it's, well, the wrong question. Bluntly - what are the chances that anyone is going to remember their password? This is a monstrous password scheme; it's more than likely, it's probable, that user passwords will be recorded in other places with far poorer security than anyone who thinks that such a password is required would like to think their web application is going to offer. Like a sticky on their monitor. I'd lobby for a far saner scheme or propose a counseling for anyone who thinks this is going to make anything safer.

mce

I agree, do it in seperate regexen. It'll make the code vastly more maintainable and readable. Remember, not only is hell other people's code, it's also your own code 6 months later.

chrisamiller

I've written regular expression engines, and there's not a chance I'd even consider doing this with a single regexp, or even one per rule. Just code this in a straightforward way, using ordinary string methods and what else you have access to. That'll probably take you less time that in took you to write this post. (this doesn't mean that it cannot be done, though, if you have an engine that supports lookahead assertions or are willing to write a program to generate the expression for you, but it's not really worth it. there are other brainteasers out there that are much more likely to bring you fame and money and impress people :-)

effbot

Not a chance of doing this in a single regex. I'd do the first as three separate regexes to boot.

bfranklin

It is not possible. If you move "it can't contain the username" to a separate validation, it becomes possible theoretically, but would be hideously long and unreadable by humans.

qxntpqbbbqxl

(eg, (?=\w*[a-z])(?=\w*[A-Z]) will make sure there is at least one lower case and upper case letter, regardless of order) Except that \w won't match a special character, that is.

effbot

Ah right, well he would have to adjust to fit the other conditions, and you'll need actual string-consuming matches before and after as well. Just pointing him in the right direction. Or the wrong direction, depending on how you see it.

skintension

Her. Sorry.

skintension

http://ask.metafilter.com/138483/Stand-back-I-dont-understand-regular-expressions#1978999: "I'd lobby for a far saner scheme or propose a counseling for anyone who thinks this is going to make anything safer." Seconding a better understand of what real security means (hint: not ridiculous and unjustified restrictions on passwords).

turkeyphant

Related Q & A:

How can you erase a link on the tab that I don't want to have anymore?Best solution by Yahoo! Answers
Is there any way I can get my MSN password back if I don't know the secret question that it asks?Best solution by Yahoo! Answers
How should I deal with people I don't like at work?Best solution by time.com
How do I find a certain tv channel if I don't know what number it is?Best solution by timewarnercable.com
Should I apply for a job if I don't have the minimum requirements?Best solution by themuse.com

Just Added Q & A:

How many active mobile subscribers are there in China?Best solution by Quora
How to find the right vacation?Best solution by bookit.com
How To Make Your Own Primer?Best solution by thekrazycouponlady.com
How do you get the domain & range?Best solution by ChaCha
How do you open pop up blockers?Best solution by Yahoo! Answers

For every problem there is a solution! Proved by Solucija.

Got an issue and looking for advice?
Ask Solucija to search every corner of the Web for help.
Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.