Validating strong passwords perl

A couple years ago Evan Phoenix (of rubinius) and I collaborated (by which I mean he wrote the grammar and I did almost nothing) on a REAL RFC compliant email address validator using a PEG for parsing: I don't know that anyone uses it, or would even want to use it.

It was a fun project, but I certainly wouldn't use it in an app (unless it was an MTA or MUA).

However, "(" is a special character in a MIME field (begins a comment), and thereby if you want to include it in the local part of an e-mail address, you will need to escape it somehow; the same is true of things like whitespace, commas, or angle brackets.

The user typing the e-mail address into the form, however, isn't dealing with these restrictions: asking him to escape special characters in his e-mail address seems silly: one might as well be asking people to HTML escape their username in the username field.

I'm the author of the Rails wrapper for the big chunk of regex code; you're correct, it is for use cases that are akin to an MUA/MTA.

Instead of being an error when the e-mail fails validation though, it would say something like: "your e-mail does not appear valid; please double check your entry. You will be sent an activation e-mail; click [Continue] if you're sure the address is valid."

Basically if it fails the "99%" test, then if that fails, let the user decide if their e-mail is in the 1% or not.

It's likely that most of your users who enter something without a period made a mistake.

Being able to send an email is a much better test because it matches what you're going to use the email address for in your app.

But your way, if the user makes a typo like "[email protected]@bar,com" then he will expect to receive an email but won't.

The related RFC 2821, the successor to RFC 821 that is now obsoleted by RFC 5321, is for SMTP. For an example of the kinds of differences this would cause, RFC 5322 (with errata) believes that ""@is invalid (by errata), but hello(ignore)@is (MIME comment); RFC 5321, on the other hand, believes the exact opposite validity.

(edit: When I realized that I should probably write a blog post about this, given how much time I've put into implementing this stuff recently, I realized that there was more to say on this general subject, and I'm including it below.)

That said, I will go even further: these formats are designed for escaping e-mail addresses in the context of a larger standard and protocol, one that might already have special characters. This is then why the grammar is often so highly restricted for things that don't need to be quoted: given that an @ cannot be found in a domain name, you really shouldn't need to quote anything to the left of the @ to get a valid e-mail address.
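The "99% test, then let the user decide" flow discussed above, sketched in Ruby as an added example that is not code from the comments or from the Rails wrapper they mention. The names `split_address` and `check_email`, the verdict symbols and the sample addresses are assumptions made for illustration.

```ruby
# Added example: soft e-mail check for a signup form.
# Verdicts: :ok, :confirm (unusual; ask the user to double check), :empty.
# Nothing is rejected outright; the activation e-mail is the real test.

# Split at the LAST "@": a domain name cannot contain "@", so everything
# before it is the local part and needs no escaping by the user.
def split_address(input)
  addr = input.to_s.strip
  at = addr.rindex("@")
  return nil if at.nil?
  [addr[0...at], addr[(at + 1)..-1]]
end

def check_email(input)
  if input.to_s.strip.empty?
    return { verdict: :empty, reasons: ["no address entered"] }
  end

  reasons = []
  local, domain = split_address(input)
  if local.nil?
    reasons << "missing @"
  else
    reasons << "nothing before the @" if local.empty?
    reasons << "domain has no period" unless domain.include?(".")
    unless domain.match?(/\A[A-Za-z0-9.-]*\z/)
      reasons << "domain has characters other than letters, digits, '.' and '-'"
    end
    if domain.start_with?(".") || domain.end_with?(".")
      reasons << "domain starts or ends with a period"
    end
  end

  { verdict: reasons.empty? ? :ok : :confirm, reasons: reasons }
end

if __FILE__ == $0
  # Constructed sample inputs, not taken from the page.
  ["alice@example.com", "weird(name)@example.com",
   "alice@example,com", "alice"].each do |addr|
    result = check_email(addr)
    puts "#{addr.inspect}: #{result[:verdict]} #{result[:reasons].join('; ')}"
  end
end
```

A `:confirm` verdict maps to the "please double check your entry" prompt with a [Continue] button, so an address in the 1% still gets through.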
