Re: Installing Python (2.7) 'by hand' on Ubuntu - possible?
Mirko wrote:
> On 22.12.2020 at 20:24 Chris Green wrote:
>
> > Yes, I do have the Python source. The only thing I don't have the
> > source for is a .so file and that's why I can't simply migrate the
> > program(s) from Python 2 to Python 3.
> >
>
> If it's just one .so and that library is compatible with basic libs
> such as glibc and has no further big dependencies, then there may be
> a simpler way than cx_freeze or even snap/docker/etc.
>
> Python 2 will likely be available for quite some more years as an
> optional package. But even with a self-compiled version, you should
> be able to put the required libraries somewhere and set
> LD_LIBRARY_PATH or maybe LD_PRELOAD accordingly. For a few depending
> libs, this works well, but it gets really nasty if glibc or big
> frameworks such as GTK are involved.

Unfortunately GTK is involved, the utility pops up a GUI that uses
Gtk2, that's part of the can of worms that this has become because of
the non-trivial migration of GTK from Python 2 to Python 3.

As I said I have the Python source and it's not particularly difficult
to move that from Python 2 to Python 3, the killer is a .so compiled
for Python 2.

--
Chris Green
--
https://mail.python.org/mailman/listinfo/python-list
Re: pexpect with kadmin
> On 23 Dec 2020, at 04:04, Joseph L. Casale wrote:
>
> Anyone ever used pexpect with tooling like kadmin and have
> insight into how to manage interacting with it?
>
> After setting up debug logging, I was able to adjust the expect
> usage to get the input and output logs to at least appear correct
> when setting a password for a principal, however even with a
> successful return code from kadmin, there is some discrepancy
> and the credential is not being set right.
>
> When run manually, the credentials work fine, it's almost as if
> kadmin is swallowing the newline from pexpect within the password.
>
> I am using python 3.5 from Windows, over plink.exe, onto a rhel
> 7 server. Unfortunately, I am stuck with all the levels of indirection.

If you have windows 10 can you use Windows Subsystem for Linux (WSL)
to install one of the Linux distros and use that?

Barry

>
> Thanks,
> jlc
Re: Pickling issue.
On 22/12/20 01:57, Bob Gailer wrote:
>
>
> On Mon, Dec 21, 2020, 3:03 PM Vincent Vande Vyvre
> wrote:
>
> Hi,
>
> I've an object that I want to serialise with pickle.
> When I reload the object the attributes of this object are correctly
> fixed except one of these.
>
> This attribute (value) define a simple string.
>
> Example:
> -
> tag = XmpTag('Xmp.dc.form'image/jpeg')
>
>
> I am not familiar with XmpTag. Where might I get the containing module?
>
> ... skip
>
Yes, it's available with pip:
https://pypi.org/project/py3exiv2/
If you want to test it, just add from pyexiv2.xmp import XmpTag to my example.
and the source is here:
https://bazaar.launchpad.net/~vincent-vandevyvre/py3exiv2/trunk/view/head:/py3exiv2/src/pyexiv2/xmp.py
This is a Python-3 binding of the lib exiv2, the wrapper source code is here:
https://bazaar.launchpad.net/~vincent-vandevyvre/py3exiv2/trunk/view/head:/py3exiv2/src/exiv2wrapper.cpp#L359
exiv2 doc is here:
https://www.exiv2.org/doc/classExiv2_1_1Xmpdatum.html
Sorry for the late response but it seems a moderation problem with my account.
Vincent
using regex for password validation
hello guys,
I have this pattern for password validation (regex):
I want these rules to be applied:
Minimum 8 characters.
The alphabets must be between [a-z]
At least one alphabet should be of Upper Case [A-Z]
At least 1 number or digit between [0-9].
At least 1 character from [ _ or @ or $ ].
and this pattern:
passwordpattern = "^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[@$])[A-Za-z\d@$!%?&]{8,}.$"
my only issue is that I want to add the symbol () and symbol(.) in the pattern
where only it accepts $ and @, I tried adding generally like [@_$] not working
Re: using regex for password validation
On 12/23/20 10:03 AM, Sadaka Technology wrote:
> hello guys,
>
> I have this pattern for password validation (regex):
>
> I want these rules to be applied:
>
> Minimum 8 characters.
> The alphabets must be between [a-z]
> At least one alphabet should be of Upper Case [A-Z]
> At least 1 number or digit between [0-9].
> At least 1 character from [ _ or @ or $ ].
>
> and this pattern:
>
> passwordpattern = "^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[@$])[A-Za-z\d@$!%?&]{8,}.$"
>
> my only issue is that I want to add the symbol () and symbol(.) in the pattern
> where only it accepts $ and @, I tried adding generally like [@_$] not working

I'm not going to answer your question, don't have the brainpower at the
moment to disentangle your regex.
Therein comes the source of the (unasked-for) comment: if looking at a
regex gives you a headache - and worse, it doesn't work as you hope, you
probably want to solve a problem another way.
If you're enforcing a password policy (and this isn't a homework
question, where the rules conveniently don't change over time), I'd
claim you're better off writing a readable routine that applies the
policy in such a way that you can accommodate changes to the policy.
What if someone decides that the non-alnum set can also include a comma
or other characters? What if there's a different constraint applied to
the first character of the password? (both of those are moderately common).
Telling someone the password they tried to propose doesn't meet the
policy isn't performance sensitive, since it is a human-interactive
process, so it's okay to be a little slower and a lot clearer (that's
not even a Python issue!)
If you're going to stick with a regex, run the completed regex through
one of the online validators, and paste its analysis (they usually give
you a breakdown of what each piece means) as a comment, so some future
programmer has a hope...
Re: using regex for password validation
On 2020-12-23 17:03, Sadaka Technology wrote:
> hello guys,
>
> I have this pattern for password validation (regex):
>
> I want these rules to be applied:
>
> Minimum 8 characters.
> The alphabets must be between [a-z]
> At least one alphabet should be of Upper Case [A-Z]
> At least 1 number or digit between [0-9].
> At least 1 character from [ _ or @ or $ ].
>
> and this pattern:
>
> passwordpattern = "^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[@$])[A-Za-z\d@$!%?&]{8,}.$"
>
> my only issue is that I want to add the symbol () and symbol(.) in the pattern
> where only it accepts $ and @, I tried adding generally like [@_$] not working

Your pattern:

    ^                       Matches at start of string
    (?=.[a-z])              Matches any character and then one [a-z]
    (?=.[A-Z])              Matches any character and then one [A-Z]
    (?=.\d)                 Matches any character and then one digit
    (?=.[@$])               Matches any character and then one of [@$]
    [A-Za-z\d@$!%?&]{8,}    Matches 8 or more of [A-Za-z\d@$!%?&]{8,}
    .                       Matches any character
    $                       Matches at end of string

The pattern will never match because the second character cannot be one
of [a-z] _and_ one of [A-Z] _and_ a digit _and_ one of [@$] _at the same
time_.
I'm not sure what you mean by "The alphabets must be between [a-z]" (all
letters lower case?) and also "At least one alphabet should be of Upper
Case [A-Z]" (at least one upper case letter).
I'm guessing you mean that all letters must be [A-Za-z], but at least
one of them must be [A-Z].
Also, what do you mean by "symbol () and symbol(.)"; I see the "."
between the second parentheses in the second one, but nothing between
the first.
Anyway, how about this pattern:
^(?=.*[A-Z])(?=.*[0-9])(?=.*[_@$])[A-Za-z0-9@$_!%?&]{8,}$
Re: using regex for password validation
On 2020-12-23, Mats Wichmann wrote:

> Telling someone the password they tried to propose doesn't meet the
> policy isn't performance sensitive, since it is a human-interactive
> process, so it's okay to be a little slower and a lot clearer (that's
> not even a Python issue!)

You're far, far better off writing a function that tests each rule
separately, so that you can tell the user _why_ the password isn't
allowed. If you use a regex, it's just pass/fail. The user won't have
any idea how to fix the problem.

--
Grant Edwards
Re: using regex for password validation
On Thu, Dec 24, 2020 at 4:09 AM Sadaka Technology
wrote:
>
> hello guys,
>
> I have this pattern for password validation (regex):
>
> I want these rules to be applied:
>
> Minimum 8 characters.
> The alphabets must be between [a-z]
> At least one alphabet should be of Upper Case [A-Z]
> At least 1 number or digit between [0-9].
> At least 1 character from [ _ or @ or $ ].
>
> and this pattern:
>
> passwordpattern =
> "^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[@$])[A-Za-z\d@$!%?&]{8,}.$"
>
> my only issue is that I want to add the symbol () and symbol(.) in the
> pattern where only it accepts $ and @, I tried adding generally like [@_$]
> not working
>
Easy solution:
passwordpattern = ".{11,}"
This mandates more security than the one you're using, AND it's far
less frustrating for users.
Please stop inflicting horrific password rules on the world.
Especially, requiring one "symbol" - where "symbol" is always defined
differently from one place to another (and in your case, you're
offering just three valid options) - causes weaker passwords and more
frustration.
Just don't do it.
ChrisA
RE: pexpect with kadmin
> If you have windows 10 can you use Windows Subsystem for Linux (WSL)
> to install one of the Linux distros and use that?

Interesting idea, sadly I am too far past the deadline on this
to go through the red tape needed to get that in place.

Thanks,
jlc
Re: using regex for password validation
On 24/12/2020 06:03, Sadaka Technology wrote:
> hello guys,
>
> I have this pattern for password validation (regex):
>
> I want these rules to be applied:
>
> Minimum 8 characters.
> The alphabets must be between [a-z]
> At least one alphabet should be of Upper Case [A-Z]
> At least 1 number or digit between [0-9].
> At least 1 character from [ _ or @ or $ ].
>
> and this pattern:
>
> passwordpattern = "^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[@$])[A-Za-z\d@$!%?&]{8,}.$"
>
> my only issue is that I want to add the symbol () and symbol(.) in the pattern
> where only it accepts $ and @, I tried adding generally like [@_$] not working

A quick web.search reveals, quite evidently, loads of people attempt to
solve this problem with ever more-powerful RegExs. (and ever more
perplexing questions on SO, etc)
There's something seductive about RegEx-s to the average ComSc student.
The challenge of wielding such control, so concisely. APL or Lisp
programming anyone? I recall positively-devouring Jeff Friedl's book -
with expectations of 'changing the world'...
[back down to earth] These days I seldom use them (NB ActiveState do?did
a (recommended) 'cheat sheet', a copy of which resides in my desk-file
as crib-notes)
Contrarily, a RegEx may be quite the wrong tool for the job. Partially
because such expressions are difficult to understand - either someone
else's code or my own from the proverbial six-months back(!); and
partially here we're attempting to solve multiple problems in one go.
(I'm writing this from the perspective of 'Apprentice' professionals or
a ComSc student - with any/all due apologies and respect to the OP)
There is much virtue in saying that every Python routine should solve
one problem (and only one!), and do that well. Similarly, the scientific
method as applied to software development is to break each problem into
smaller, more manageable problems (per ardua) - and thus, more
recognisable solutions (and we're back to me banging-the-drum of
readability).
Here's the problem-solution:
    def validate_password( attempt:str )->bool:
        ...
(Oh yeah, wow!)
Obviously(!) this (larger) routine will contain more (smaller, more
manageable) routines. We can follow the format, exactly as outlined in
the specification (or homework assignment, as appropriate):
> Minimum 8 characters.
    def validate_length( rule:int, attempt:str )->bool:
        ...
> The alphabets must be between [a-z]
    def validate_lower_case( attempt:str )->bool:
        # see note, below
        ...
> At least one alphabet should be of Upper Case [A-Z]
    def validate_upper_case( attempt:str )->bool:
        # also, see note, below
        ...
> At least 1 number or digit between [0-9].
    def validate_numeric( attempt:str )->bool:
        # again, see note, below
        ...
> At least 1 character from [ _ or @ or $ ].
    def validate_specials( rule:Set, attempt:str )->bool:
        ...
There were five specifications, so there are five (sub) routines, called
in-turn by validate_password() (a "decision ladder") - with a fast-drop,
should you wish.
Hang-on though, look at how much 'work' is involved, compared with a
single line of RegEx! Why go to such bother? There's several reasons.
Notice how the spec has become code? "Readability" is not merely the
appearance and communication-quality of one's code, but the transfer of
ideas across levels, or layers, of detail!
Notice that the above have a parameter "rule". Why?
(and that's not (only) the question: "why don't we encode these as
constants within the function?")
If you've 'been around' for a while, you will have noticed that password
rules keep changing, over time, presuming that becoming more 'strict',
will make the system more secure.
(am not going to discuss the hope of solving (largely) social problems
with technological solutions!)
What would be the impact of a 'make it strict-er' business-rule change
(specification) on the one-line RegEx solution? Persisting with the
long-way around:-
A frequent call is to increase the minimum-length of passwords. How
could we do this? Using RegEx, adjust the counter - but which part is
the 'counter'?
Alternately, here, reading the code we find validate_length() (or the
documentation where "rule" is defined/given its value) and change the
value of the integer. QED!
(and by "QED" I mean: this is a job which could be given to the newest
of Junior Programmers, with a high confidence of (rapid) success)
Similarly, in the above structure, validate_specials() expects to be
given a 'rule' which is currently:
{ '[', '_', '@', '$', ']', }
How easy would it be to add another character, eg "#" or "€"; when your
system goes international and is being used by folk with
European-variant keyboards? Is extending the set easier (and more likely
to retain fidelity) than fiddling with a RegEx?
[and here's the note]
If our ambitions include dreams of 'world domination', then we can
extend exactly the same idea of "rule" to the other three routines!
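
The rule-per-function approach described in the two messages above (test each rule separately, report why a password was refused, state each rule once), as an added example that is not code from any poster. It assumes the reading of the policy behind the pattern suggested earlier in the thread (only characters from `[A-Za-z0-9@$_!%?&]`, at least one upper-case letter, one digit and one of `_@$`); the names `Rule`, `RULES`, `failed_rules`, `explain` and the sample passwords are made up here.

```python
import re
from typing import Callable, List, NamedTuple

MIN_LENGTH = 8
REQUIRED_SPECIALS = "_@$"   # at least one of these must appear
OTHER_SPECIALS = "!%?&"     # allowed, but do not satisfy the "special" rule
LETTERS_LOWER = "abcdefghijklmnopqrstuvwxyz"
LETTERS_UPPER = LETTERS_LOWER.upper()
DIGITS = "0123456789"
ALLOWED = frozenset(LETTERS_LOWER + LETTERS_UPPER + DIGITS
                    + REQUIRED_SPECIALS + OTHER_SPECIALS)


class Rule(NamedTuple):
    name: str                      # short identifier for logs and tests
    message: str                   # text shown to the user
    check: Callable[[str], bool]   # True when the password satisfies the rule


# Each rule is stated once; the same entry drives the check and the advice.
RULES: List[Rule] = [
    Rule("length", f"must be at least {MIN_LENGTH} characters long",
         lambda pw: len(pw) >= MIN_LENGTH),
    Rule("charset",
         "may only contain A-Z, a-z, 0-9 and "
         + " ".join(REQUIRED_SPECIALS + OTHER_SPECIALS),
         lambda pw: all(ch in ALLOWED for ch in pw)),
    Rule("upper", "must contain at least one upper-case letter (A-Z)",
         lambda pw: any(ch in LETTERS_UPPER for ch in pw)),
    Rule("digit", "must contain at least one digit (0-9)",
         lambda pw: any(ch in DIGITS for ch in pw)),
    Rule("special",
         "must contain at least one of " + " ".join(REQUIRED_SPECIALS),
         lambda pw: any(ch in REQUIRED_SPECIALS for ch in pw)),
]


def failed_rules(password: str) -> List[str]:
    """Names of every rule the password breaks (empty list means valid)."""
    return [rule.name for rule in RULES if not rule.check(password)]


def explain(password: str) -> List[str]:
    """User-facing message for each broken rule."""
    return [f"Password {rule.message}"
            for rule in RULES if not rule.check(password)]


def validate_password(password: str) -> bool:
    return not failed_rules(password)


# Pattern suggested in the thread, kept only as a cross-check.
THREAD_PATTERN = re.compile(
    r"^(?=.*[A-Z])(?=.*[0-9])(?=.*[_@$])[A-Za-z0-9@$_!%?&]{8,}$")


def regex_accepts(password: str) -> bool:
    # fullmatch(), not match(): in Python "$" also matches just before a
    # trailing newline, so match() would accept "Secret_42x\n".
    return THREAD_PATTERN.fullmatch(password) is not None


# Constructed sample passwords, one per failure mode.
SAMPLES = [
    "Secret_42x",     # satisfies every rule
    "secret_42x",     # no upper-case letter
    "Sh0rt_",         # too short
    "Secret#42x",     # '#' is outside the allowed set, and no _ @ $
    "Secret_42x\n",   # trailing newline is outside the allowed set
]

if __name__ == "__main__":
    for pw in SAMPLES:
        # The rule list and the regex agree on pass/fail ...
        assert validate_password(pw) == regex_accepts(pw)
        # ... but only the rule list can say what to fix.
        print(repr(pw), "OK" if validate_password(pw) else explain(pw))
```

Changing the policy means editing one entry in `RULES`; the check and the message shown to the user change together.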
Re: using regex for password validation
On 2020-12-24 at 11:41:15 +1300,
dn via Python-list wrote:
> On 24/12/2020 06:03, Sadaka Technology wrote:
> > hello guys,
> >
> > I have this pattern for password validation (regex):
[...]
> > passwordpattern =
> > "^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[@$])[A-Za-z\d@$!%?&]{8,}.$"
> >
> > my only issue is that I want to add the symbol () and symbol(.) in
> > the pattern where only it accepts $ and @, I tried adding generally
> > like [@_$] not working
[...]
Is it my imagination, or does a password in which the only lower case
letter is at the beginning fail?
> Contrarily, a RegEx may be quite the wrong tool for the job. Partially
> because such expressions are difficult to understand - either someone
> else's code or my own from the proverbial six-months back(!); and
> partially here we're attempting to solve multiple problems in one go.
"[M]ay be quite"? You are far too kind, dn.
> If our ambitions include dreams of 'world domination', then we can
> extend exactly the same idea of "rule" to the other three routines!
> Whilst we 'start' with (say) the ASCII character definitions of a-z,
> we will *be able* to extend into accented characters such as "ô" -
> which really would promote us to take a rôle on the world-stage.
> (hah!)
If you're going to wander out of ASCII, then don't forget to address
Unicode confusables. Nothing is more embarrassing than scribbling your
complicated password on a sticky note and then not being able to tell
the o's from the ο's. ;-)
> If we're going to be nice to our users, from where do we express these
> "rules"? If the rule is hard-coded, then the user-advice must also be
> hard-coded - and what do we say about having 'the same code' in
> multiple locations? (see also "DRY principle"). How could one state
> "the rules" *once*, and in such a fashion that they can be used for UX
> output and a RegEx?
That's the beauty of a regular expression: it's both human and computer
readable. Just show the user the regular expression(s) you used. Oh,
wait. Sorry. Scratch that.
Thanks, dn, for saying all of that (including what I snipped) out loud.
Re: using regex for password validation
On Thu, Dec 24, 2020 at 9:42 AM dn via Python-list
wrote:
> Hang-on though, look at how much 'work' is involved, compared with a
> single line of RegEx! Why go to such bother? There's several reasons.
Good question! Look at this alternative:
    def validate_password(attempt):
        return len(attempt) >= 11
Wow! So much easier. Only one function needed AND it's more secure!
> A frequent call is to increase the minimum-length of passwords. How
> could we do this? Using RegEx, adjust the counter - but which part is
> the 'counter'?
In my example here, it's pretty easy to find!
> If our ambitions include dreams of 'world domination', then we can
> extend exactly the same idea of "rule" to the other three routines!
> Whilst we 'start' with (say) the ASCII character definitions of a-z, we
> will *be able* to extend into accented characters such as "ô" - which
> really would promote us to take a rôle on the world-stage.
> (hah!)
Wow! It wins on that too! And even better - it counts Cyrillic letters
as letters, it counts Greek letters as letters, and it counts Arabic
letters as letters too! Isn't it so much easier than a regex?
> If we're going to be nice to our users, from where do we express these
> "rules"? If the rule is hard-coded, then the user-advice must also be
> hard-coded - and what do we say about having 'the same code' in multiple
> locations? (see also "DRY principle"). How could one state "the rules"
> *once*, and in such a fashion that they can be used for UX output and a
> RegEx?
Very very good point. I think "Passwords must be at least eleven
characters long" is a problem, because you would need to *manually*
translate the number "11" into the word "eleven". So the best way
would be to use "Passwords must be at least {minlength} characters
long" and then you know that it's going to correlate.
> Second UX-consideration (and its a 'biggie'!): if a password 'fails',
> how can we take the 'result' from a large and complex RegEx, and explain
> to the user which [multiple] of the five requirements was/were not met?
> A failure in the RegEx above tells the system not to proceed, but
> doesn't tell the user is a letter is missing, a digit, ...
>
True, very true. Once again, a win for simplicity: with only one rule,
it's easy to know which one you ran up against.
ChrisA
Re: using regex for password validation
On Thu, Dec 24, 2020 at 10:21 AM <[email protected]> wrote:
> If you're going to wander out of ASCII, then don't forget to address
> Unicode confusables. Nothing is more embarrassing than scribbling your
> complicated password on a sticky note and then not being able to tell
> the o's from the ο's. ;-)

TBH I don't think that's really our consideration. My recommendation
is: First do a basic Unicode normalization (probably NFC, but there
are good arguments for NFD instead), then just use it as-is.
Everything else is the user's choice. And you shouldn't ever have to
worry about a maximum length; after any checks such as "both passwords
must be the same" (on account creation), the only thing you'll need to
do is encode it UTF-8 and hand it to bcrypt.

But by using simpler password requirements (an 11-character minimum is
good in 2020, but maybe in the future you might want to extend that to
12), you reduce the temptation to use confusable letters in it.
Context is everything.

ChrisA
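
The steps recommended in the message above (normalize, apply the length rule, encode as UTF-8), as an added example that is not code from the thread. The function names and sample strings are made up here, and the bcrypt call itself is left out; the 72-byte figure is bcrypt's own input limit (implementations truncate or reject longer input), not something stated in the message.

```python
import unicodedata

MIN_LENGTH = 11           # minimum suggested in the message above
BCRYPT_INPUT_LIMIT = 72   # bcrypt uses at most 72 bytes of its input


def prepare_password(raw: str, form: str = "NFC") -> bytes:
    """Normalize, apply the one length rule, and return bytes for the hash."""
    normalized = unicodedata.normalize(form, raw)
    # Count code points *after* normalization so the same visible password
    # always gets the same verdict, however the keyboard composed it.
    if len(normalized) < MIN_LENGTH:
        raise ValueError(
            f"Passwords must be at least {MIN_LENGTH} characters long")
    return normalized.encode("utf-8")


def same_password(first: str, second: str, form: str = "NFC") -> bool:
    """The 'both passwords must be the same' check, on normalized text."""
    return (unicodedata.normalize(form, first)
            == unicodedata.normalize(form, second))


def exceeds_bcrypt_input(encoded: bytes) -> bool:
    """True when the encoded password is longer than bcrypt's input limit."""
    return len(encoded) > BCRYPT_INPUT_LIMIT


# Constructed samples.
COMPOSED = "r\u00f4le-on-stage"      # o-circumflex as one code point (U+00F4)
DECOMPOSED = "ro\u0302le-on-stage"   # "o" + combining circumflex (U+0302)
LATIN_O = "sticky-note-o"            # ends in Latin small o (U+006F)
GREEK_O = "sticky-note-\u03bf"       # ends in Greek small omicron (U+03BF)

if __name__ == "__main__":
    # Same visible password, different raw bytes, identical after NFC.
    print(COMPOSED.encode("utf-8") == DECOMPOSED.encode("utf-8"))      # False
    print(prepare_password(COMPOSED) == prepare_password(DECOMPOSED))  # True
    # Normalization does not fold confusables: these stay two passwords.
    print(prepare_password(LATIN_O) == prepare_password(GREEK_O))      # False
    # 25 euro signs pass the length rule but encode to 75 bytes.
    print(exceeds_bcrypt_input(prepare_password("\u20ac" * 25)))       # True
```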
Re: using regex for password validation
On 24/12/2020 12:20, [email protected] wrote:
> On 2020-12-24 at 11:41:15 +1300,
> dn via Python-list wrote:
>
>> On 24/12/2020 06:03, Sadaka Technology wrote:
>>> hello guys,
>>>
>>> I have this pattern for password validation (regex):
>
> [...]
>
> Is it my imagination, or does a password in which the only lower case
> letter is at the beginning fail?

As mentioned, I don't use RegEx so-often and rely upon a crib-sheet.
What I could?should have added, is that there are many web-sites which
enable one to enter a RegEx and some sample data, for immediate
verification. Very handy!

>> Contrarily, a RegEx may be quite the wrong tool for the job. Partially
>> because such expressions are difficult to understand - either someone
>> else's code or my own from the proverbial six-months back(!); and
>> partially here we're attempting to solve multiple problems in one go.
>
> "[M]ay be quite"? You are far too kind, dn.

The people on this list often help me, so...

Whereas I prefer to use str.functions, others may have their own
opinion. To some degree it's one of those 'horses for courses'
situations - and as illustrated, if the specs are tightened a bit
further, it may well be that a 'minimum of two upper-case characters'
rule would be easier to check with a RegEx!

>> If our ambitions include dreams of 'world domination', then we can
>> extend exactly the same idea of "rule" to the other three routines!
>> Whilst we 'start' with (say) the ASCII character definitions of a-z,
>> we will *be able* to extend into accented characters such as "ô" -
>> which really would promote us to take a rôle on the world-stage.
>> (hah!)
>
> If you're going to wander out of ASCII, then don't forget to address
> Unicode confusables. Nothing is more embarrassing than scribbling your
> complicated password on a sticky note and then not being able to tell
> the o's from the ο's. ;-)

Ök!

>> If we're going to be nice to our users, from where do we express these
>> "rules"? If the rule is hard-coded, then the user-advice must also be
>> hard-coded - and what do we say about having 'the same code' in
>> multiple locations? (see also "DRY principle"). How could one state
>> "the rules" *once*, and in such a fashion that they can be used for UX
>> output and a RegEx?
>
> That's the beauty of a regular expression: it's both human and computer
> readable. Just show the user the regular expression(s) you used. Oh,
> wait. Sorry. Scratch that.
>
> Thanks, dn, for saying all of that (including what I snipped) out loud.

I've finished 'official work' for the year - compliments of the season!

--
Regards =dn
Re: using regex for password validation
On 24/12/2020 12:25, Chris Angelico wrote:
> On Thu, Dec 24, 2020 at 9:42 AM dn via Python-list
> wrote:
>> Hang-on though, look at how much 'work' is involved, compared with a
>> single line of RegEx! Why go to such bother? There's several reasons.
>
> Good question! Look at this alternative:
>
> def validate_password(attempt):
>     return len(attempt) >= 11
>
> Wow! So much easier. Only one function needed AND it's more secure!

You and I have discussed such topics before @Chris. However, we both
know that if the client specifies something (and we can't moderate
such), we deliver accordingly - per Alfred Lord Tennyson.
What we don't know is the OP's wiggle-room with his/her 'client' - which
may be zero if the 'client' is an assignment-grade!
However, the discussion 'beyond' the OP's immediate question is very
necessary!

>> A frequent call is to increase the minimum-length of passwords. How
>> could we do this? Using RegEx, adjust the counter - but which part is
>> the 'counter'?
>
> In my example here, it's pretty easy to find!

In a 'global definition' block or buried in the code-base?

>> If our ambitions include dreams of 'world domination', then we can
>> extend exactly the same idea of "rule" to the other three routines!
>> Whilst we 'start' with (say) the ASCII character definitions of a-z, we
>> will *be able* to extend into accented characters such as "ô" - which
>> really would promote us to take a rôle on the world-stage.
>> (hah!)
>
> Wow! It wins on that too! And even better - it counts Cyrillic letters
> as letters, it counts Greek letters as letters, and it counts Arabic
> letters as letters too! Isn't it so much easier than a regex?

- but wouldn't you agree that
attempt == "x"*12
is no safer than ""? So, maybe a length-rule without any other
consideration is 'weak-beer'?
(speaking of beer, and for the benefit of non-Australians, and people
everywhere who did learn their abc-s, "" is how @Chris spells "beer"!)
NB probably not suitable for office-viewing:
https://www.youtube.com/watch?v=mtwkDGlpWJk - cheers @Chris!
Speaking of Australian humor:-

>> If we're going to be nice to our users, from where do we express these
>> "rules"? If the rule is hard-coded, then the user-advice must also be
>> hard-coded - and what do we say about having 'the same code' in multiple
>> locations? (see also "DRY principle"). How could one state "the rules"
>> *once*, and in such a fashion that they can be used for UX output and a
>> RegEx?
>
> Very very good point. I think "Passwords must be at least eleven
> characters long" is a problem, because you would need to *manually*
> translate the number "11" into the word "eleven". So the best way
> would be to use "Passwords must be at least {minlength} characters
> long" and then you know that it's going to correlate.

Now you're just being plain mischievous!

>> Second UX-consideration (and its a 'biggie'!): if a password 'fails',
>> how can we take the 'result' from a large and complex RegEx, and explain
>> to the user which [multiple] of the five requirements was/were not met?
>> A failure in the RegEx above tells the system not to proceed, but
>> doesn't tell the user is a letter is missing, a digit, ...
>
> True, very true. Once again, a win for simplicity: with only one rule,
> it's easy to know which one you ran up against.

The 'one rule' I try to live-by, is not to attempt 'important stuff' in
which I have insufficient knowledge*. Rather than strain my brain (and
spend an inordinate amount of time) deciding if/how to authenticate and
authorise users, and then coding same, I'd rather pass the task to a
TechSec specialist!
* which *may* make me seem less like Dilbert, and more Wally
https://en.wikipedia.org/wiki/List_of_Dilbert_characters
--
Regards =dn
Re: using regex for password validation
On Thu, Dec 24, 2020 at 12:56 PM dn via Python-list wrote:
>
> On 24/12/2020 12:25, Chris Angelico wrote:
> > On Thu, Dec 24, 2020 at 9:42 AM dn via Python-list
> > wrote:
> >> Hang-on though, look at how much 'work' is involved, compared with a
> >> single line of RegEx! Why go to such bother? There's several reasons.
> >
> > Good question! Look at this alternative:
> >
> > def validate_password(attempt):
> >     return len(attempt) >= 11
> >
> > Wow! So much easier. Only one function needed AND it's more secure!
>
> You and I have discussed such topics before @Chris. However, we both
> know that if the client specifies something (and we can't moderate
> such), we deliver accordingly - per Alfred Lord Tennyson.
>
> What we don't know is the OP's wiggle-room with his/her 'client' - which
> may be zero if the 'client' is an assignment-grade!

The OP said:
> I want these rules to be applied:

That means one of two things. Either it's a homework assignment and
s/he is dishonestly pretending that it isn't one, or the OP invented
the rules. There's nothing about "my client asked me to guard with
these exact rules and I want to use a regex so I can have the exact
same validation done by the web browser before it gets sent to the
server". Don't assume justifications that aren't supported by
evidence.

> >> A frequent call is to increase the minimum-length of passwords. How
> >> could we do this? Using RegEx, adjust the counter - but which part is
> >> the 'counter'?
> >
> > In my example here, it's pretty easy to find!
>
> In a 'global definition' block or buried in the code-base?

Either way would work. Either way is easier than digging through a regex.

> >> If our ambitions include dreams of 'world domination', then we can
> >> extend exactly the same idea of "rule" to the other three routines!
> >> Whilst we 'start' with (say) the ASCII character definitions of a-z, we
> >> will *be able* to extend into accented characters such as "ô" - which
> >> really would promote us to take a rôle on the world-stage.
> >> (hah!)
> >
> > Wow! It wins on that too! And even better - it counts Cyrillic letters
> > as letters, it counts Greek letters as letters, and it counts Arabic
> > letters as letters too! Isn't it so much easier than a regex?
>
> - but wouldn't you agree that
>
> attempt == "x"*12
>
> is no safer than ""? So, maybe a length-rule without any other
> consideration is 'weak-beer'?

Would you say that "12345Aa$" is a weak password, despite fitting the
requirements? What if the password is the person's name? What if the
password hint is "the password is 'Sw@rdf1sh'"?

It's not our job to stop the user from creating a weak password - just
to encourage the use of better passwords. A length rule on its own is
sufficient to cover a lot of cases, and no regex is sufficient to
cover all cases.

> (speaking of beer, and for the benefit of non-Australians, and people
> everywhere who did learn their abc-s, "" is how @Chris spells "beer"!)
> NB probably not suitable for office-viewing:
> https://www.youtube.com/watch?v=mtwkDGlpWJk - cheers @Chris!

Actually I don't, that's a myth :)

ChrisA
