Timeline for Bash Regex pattern for password to exclude specific special characters with negative lookahead
Current License: CC BY-SA 4.0
7 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Dec 3, 2021 at 20:03 | vote | accept | malthus | ||
| Dec 3, 2021 at 18:44 | history | became hot network question | |||
| Dec 3, 2021 at 13:58 | comment | added | malthus | @Gilles'SO-stopbeingevil' fully agree with your suggestion, but the bug in question is in Wordpress which doesn't accept these characters in the password when passed through Wp-CLI. | |
| Dec 3, 2021 at 11:50 | comment | added | Gilles 'SO- stop being evil' | Even just the fact that you're doing password validation in bash is a red flag. It's possible, but hard to verify that the password won't leak due to a bug in another part of the script, or that it won't leak through a side channel in the password validation code, or that it won't end up in a log somewhere. | |
| Dec 3, 2021 at 11:48 | comment | added | Gilles 'SO- stop being evil' | If you have any influence on these requirements, please push back against them. Forbidding some special characters in passwords is a sign that something is broken in your infrastructure: either it can be exploited by something other than a password, or passwords are being passed around to places that can't keep them secret. Requiring special characters in passwords is widespread, but misguided advice that pushes people to choose weaker passwords. security.stackexchange.com/q/131056 security.stackexchange.com/questions/16455 security.stackexchange.com/questions/6095 … | |
| Dec 3, 2021 at 10:57 | answer | added | Kusalananda♦ | timeline score: 9 | |
| Dec 3, 2021 at 10:42 | history | asked | malthus | CC BY-SA 4.0 |