Comments on: Regular Expression Help http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/ Things that Eric A. Meyer, CSS expert, writes about on his personal Web site; it's largely Web standards and Web technology, but also various bits of culture, politics, personal observations, and other miscellaneous stuff Fri, 10 Feb 2012 18:28:30 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: DRIVE http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-5031 DRIVE Wed, 16 Feb 2005 20:46:11 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-5031 <code> <?php $hostname = ($_SERVER['SERVER_NAME']); preg_match("/[^\.\/]+\.[^\.\/]+$/", $hostname, $matches); echo "domain name is: {$matches[0]}\n"; ?> </code>
<?php
$hostname = ($_SERVER['SERVER_NAME']);
preg_match("/[^\.\/]+\.[^\.\/]+$/", $hostname, $matches);
echo "domain name is: {$matches[0]}\n";
?>

]]> By: Gabriel Radic http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1869 Gabriel Radic Mon, 15 Nov 2004 17:01:38 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1869 Eric, you're using a Mac, right? Then love your Keychain. Eric, you’re using a Mac, right? Then love your Keychain.

]]> By: jlcooke http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1681 jlcooke Fri, 05 Nov 2004 14:16:12 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1681 A few things: - If this "master password" to "site password" thing is going to work, you need more than just a master password hashed with a website domain name. + sitepswd = hash(secret + pswd + domain), where secret is randomly generated and stored in a cookie. This is no good for "roaming" users who don't have a dedicated computer, but, meh. - Your site password needs to use more then just hex, try the full [0-9][a-z][A-z](~!@#$%^&*()_+-=) you'll make the passwords harder to guess that way. Here's a few tools that might be handy: Generate a password using mouse movments, timing and SHA-256: http://www.certainkey.com/demos/mkpasswd Check password strength: http://www.certainkey.com/demos/password A few things:
– If this “master password” to “site password” thing is going to work, you need more than just a master password hashed with a website domain name.
+ sitepswd = hash(secret + pswd + domain), where secret is randomly generated and stored in a cookie.
This is no good for “roaming” users who don’t have a dedicated computer, but, meh.
– Your site password needs to use more then just hex, try the full [0-9][a-z][A-z](~!@#$%^&*()_+-=) you’ll make the passwords harder to guess that way.

Here’s a few tools that might be handy:
Generate a password using mouse movments, timing and SHA-256:
http://www.certainkey.com/demos/mkpasswd
Check password strength:
http://www.certainkey.com/demos/password

]]> By: Martijn Ras http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1598 Martijn Ras Wed, 03 Nov 2004 16:24:20 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1598 Heya Nathan, Thanks for noticing my comment <a href="http://www.meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1463"># 32.</a> Mazzel, Martijn. Heya Nathan,

Thanks for noticing my comment # 32.

Mazzel,

Martijn.

]]> By: Peter Chandler http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1552 Peter Chandler Mon, 01 Nov 2004 03:18:52 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1552 What's the point? How would the hash be any more secure than just the master password? If you're going to do this, you'd be better off using a more obscure hash than MD5. What’s the point? How would the hash be any more secure than just the master password?

If you’re going to do this, you’d be better off using a more obscure hash than MD5.

]]> By: Nathan Herald http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1539 Nathan Herald Sun, 31 Oct 2004 08:54:44 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1539 I have made a favelet some of you might want to check out. It does not read the website automagically, you enter it manually. But it works. http://www.myobie.com/password/ Hope this helps someone, I am thinking about using it for a while. I have made a favelet some of you might want to check out. It does not read the website automagically, you enter it manually. But it works.

http://www.myobie.com/password/

Hope this helps someone, I am thinking about using it for a while.

]]> By: Nathan Herald http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1517 Nathan Herald Sat, 30 Oct 2004 22:18:21 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1517 This would work great: <blockquote cite="dude above"> <code> [^.]*\.\([^:/]*\).* </code> </blockquote> When can we see this bookmarklet in action Eric? I would like to see it put to the test... This would work great:


[^.]*\.\([^:/]*\).*

When can we see this bookmarklet in action Eric?
I would like to see it put to the test…

]]> By: Ondrej Valek http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1491 Ondrej Valek Fri, 29 Oct 2004 01:25:00 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1491 Is that worth trying? From my point of view and everyday's experience, every site requires different type of password. One asks for digits-only, another for 5-to-10 characters alphabet-only and so on. It's impossible to create them automagically. I prefer having one stupid password which I use everywhere with just minor predictable changes, which i never use for 'mission critical' sites. And I never use those web passwords for digital signatures or real-life needs, like bank accounts or whatever. Is that worth trying? From my point of view and everyday’s experience, every site requires different type of password. One asks for digits-only, another for 5-to-10 characters alphabet-only and so on. It’s impossible to create them automagically. I prefer having one stupid password which I use everywhere with just minor predictable changes, which i never use for ‘mission critical’ sites. And I never use those web passwords for digital signatures or real-life needs, like bank accounts or whatever.

]]> By: jgraham http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1467 jgraham Thu, 28 Oct 2004 15:38:13 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1467 From the point of view of actually using this, the important comment is Jesse's comment 22 - if you use this utility as a bookmarklet, any site can easilly steal your master password and thus your login to <em>all</em> other sites that you use. That seems like an awful lot of risk. (there are other, practical, issues, like sites that require the same login but are at different domains, but they're somewhat irrelevant in the face of the huge gaping secuirty hole that this bookmarklet opens up). The version with a hardcoded master password variable is a little better (you need to be sure that you trust people with physical access to your machine and that your machine in general is secure). From the point of view of actually using this, the important comment is Jesse’s comment 22 – if you use this utility as a bookmarklet, any site can easilly steal your master password and thus your login to all other sites that you use. That seems like an awful lot of risk. (there are other, practical, issues, like sites that require the same login but are at different domains, but they’re somewhat irrelevant in the face of the huge gaping secuirty hole that this bookmarklet opens up). The version with a hardcoded master password variable is a little better (you need to be sure that you trust people with physical access to your machine and that your machine in general is secure).

]]> By: Aristotle http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1466 Aristotle Thu, 28 Oct 2004 11:52:09 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1466 Oh, and btw: how about not using the URL, but simply letting you pick a local password yourself? So for Amazon, you'd enter your master password and "amazon" to get a unique site password. Sure you'll have to remember two things, but the local password can be reasonably trivial and even be written down without a real problem. Having a bit of code that <em>proposes</em> such a site password by looking at the URL would be beneficial, then. You can still override it if it guesses badly, and twiddle the heuristics if there is a pattern to bad guesses, without ever risking loss of access to any place. Oh, and btw: how about not using the URL, but simply letting you pick a local password yourself? So for Amazon, you’d enter your master password and “amazon” to get a unique site password. Sure you’ll have to remember two things, but the local password can be reasonably trivial and even be written down without a real problem.

Having a bit of code that proposes such a site password by looking at the URL would be beneficial, then. You can still override it if it guesses badly, and twiddle the heuristics if there is a pattern to bad guesses, without ever risking loss of access to any place.

]]> By: Aristotle http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1465 Aristotle Thu, 28 Oct 2004 11:39:09 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1465 <code>$ perl -MRegexp::Common=URI -le'print $RE{URI}{HTTP}{-scheme => "https?"}{-keep}' <strong>((https?)://((?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::((?:[0-9]*)))?(/(((?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?]((?:(?:[;/?:@&=+$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)</strong></code> The third capture group will contain the hostname. The pattern fully respects every aspect of the HTTP URI RFC; I don't know if the JavaScript pattern dialect supports all the features found in Perl's, though. Unfortunately, due to aforementioned problems with domain structures like in <code>.co.uk</code> and the like, you can't really tell how much you can chop off the front of the FQDN… $ perl -MRegexp::Common=URI -le'print $RE{URI}{HTTP}{-scheme => "https?"}{-keep}'
((https?)://((?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-9]*[a-zA-Z0-9]|[a-zA-Z])[.]?)|(?:[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+)))(?::((?:[0-9]*)))?(/(((?:(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*)(?:/(?:(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)(?:;(?:(?:[a-zA-Z0-9\-_.!~*'():@&=+$,]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*))*))*))(?:[?]((?:(?:[;/?:@&=+$,a-zA-Z0-9\-_.!~*'()]+|(?:%[a-fA-F0-9][a-fA-F0-9]))*)))?))?)

The third capture group will contain the hostname. The pattern fully respects every aspect of the HTTP URI RFC; I don’t know if the JavaScript pattern dialect supports all the features found in Perl’s, though.

Unfortunately, due to aforementioned problems with domain structures like in .co.uk and the like, you can’t really tell how much you can chop off the front of the FQDN…

]]> By: Michael Ward http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1464 Michael Ward Thu, 28 Oct 2004 09:48:11 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1464 Mozilla Firefox RC1 has a master passowrd setting for the automatic inputting of usernames/passwords for web sites. It works by, once per browser session, prompting for the master password when a website with saved login details is accessed. Works very well IMHO. Mozilla Firefox RC1 has a master passowrd setting for the automatic inputting of usernames/passwords for web sites.

It works by, once per browser session, prompting for the master password when a website with saved login details is accessed.

Works very well IMHO.

]]> By: Martijn Ras http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1463 Martijn Ras Thu, 28 Oct 2004 08:54:07 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1463 Heya Eric, It's really not that hard, here's my regular expression: [^.]*\.\([^:/]*\).* You're not interested in everything up to the first dot in the hostname "[^.]*\.", what comes next is of interest up to either the start of the port (:) or the path (/), anything after that is of no interest either. Here's two examples: echo "http://www.domain.tld/blah/foo/wow.xyz" | sed 's/[^.]*\.\([^:/]*\).*/\1/' => domain.tld echo "http://www.very.long.domain.co.uk/blah/foo/wow.xyz" | sed 's/[^.]*\.\([^:/]*\).*/\1/' => very.long.domain.co.uk Mazzel, Martijn Heya Eric,

It’s really not that hard, here’s my regular expression:

[^.]*\.\([^:/]*\).*

You’re not interested in everything up to the first dot in the hostname “[^.]*\.”, what comes next is of interest up to either the start of the port (:) or the path (/), anything after that is of no interest either.

Here’s two examples:
echo “http://www.domain.tld/blah/foo/wow.xyz” | sed ‘s/[^.]*\.\([^:/]*\).*/\1/’ => domain.tld

echo “http://www.very.long.domain.co.uk/blah/foo/wow.xyz” | sed ‘s/[^.]*\.\([^:/]*\).*/\1/’ => very.long.domain.co.uk

Mazzel,

Martijn

]]> By: Thomas Cutter http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1462 Thomas Cutter Thu, 28 Oct 2004 05:33:12 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1462 I could really use some help with regular expressions if somebody out there could email me that would be great. I have a project for work that I need to get done asap and I am pretty clueless when it comes to regular expressions. I could really use some help with regular expressions if somebody out there could email me that would be great. I have a project for work that I need to get done asap and I am pretty clueless when it comes to regular expressions.

]]> By: Angus Turnbull http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1461 Angus Turnbull Thu, 28 Oct 2004 04:01:48 +0000 http://meyerweb.com/eric/thoughts/2004/10/27/regular-expression-help/#comment-1461 Enlighten thyself, grasshopper :). The simplest and best coverage of JavaScript regular expressions I've found is this <a href="http://www.evolt.org/article/rating/20/22700/index.html">Evolt article</a>. Having said that, different countries are REALLY going to be the major problem here. Some countries, like NZ, Australia and the UK, allow second level domain names: foo.co.nz bar.co.nz are completely different sites, whereas in some other countries with first-level domains: foo.abc.ru bar.abc.ru are both subdomains of the main abc.ru site, a fully qualified domain in its own right (unlike co.nz). So really, you'd need a database in the bookmarklet of all 2 and 3 letter country codes. Otherwise, the script won't be able to tell which domains san be trimmed down, and which can't. Alternatively, just list a common bunch of second-level subdomains like (co|com|org|net|gen|mil) and don't sweat the occasional shared password... Enlighten thyself, grasshopper :). The simplest and best coverage of JavaScript regular expressions I’ve found is this Evolt article.

Having said that, different countries are REALLY going to be the major problem here. Some countries, like NZ, Australia and the UK, allow second level domain names:

foo.co.nz
bar.co.nz

are completely different sites, whereas in some other countries with first-level domains:

foo.abc.ru
bar.abc.ru

are both subdomains of the main abc.ru site, a fully qualified domain in its own right (unlike co.nz).

So really, you’d need a database in the bookmarklet of all 2 and 3 letter country codes. Otherwise, the script won’t be able to tell which domains san be trimmed down, and which can’t. Alternatively, just list a common bunch of second-level subdomains like (co|com|org|net|gen|mil) and don’t sweat the occasional shared password…

]]>