我曾经介绍过一种保护用户口令的方法。但是有些读者提意见说,许多用户使用很容易被猜出来的口令,因此有很多口令是不值得去保护的。为什么在用户使用他们的宠物的名字和他们的生日作为口令时却尽力精心的保护这些口令呢?你能够而且应该执行一种更强的口令策略。在本期专栏,我将告诉你如何使用JavaScript。
口令策略是一组规则,用来确定哪些口令可以接受,哪些不能接受。典型的策略要求口令长度为八个字符,包含至少一个字母、一个数字和一个特殊字符,而且这些字符都应该是可打印字符。
这个口令检查脚本执行三项检查。如果三项中有任何一项不符合要求,它都会向用户提示错误。
确保口令长度符合规定。
确保口令中只有字母、数字和特殊字符。
确保口令中至少有一个字母、一个数字和一个特殊字符。
首先在头部< head> < /head>中加入以下内容:
< SCRIPT LANGUAGE="JavaScript" SRC=http://www.blue1000.com/article/"pwpolicy.js">
< /SCRIPT>
< SCRIPT LANGUAGE="JavaScript" SRC=http://www.blue1000.com/article/"pwchecker.js">
< /SCRIPT>
你可以像下面这样设置“选择标识和口令”按钮的onClick句柄,以调用口令检查脚本:
< INPUT TYPE="BUTTON" NAME="pwButton" VALUE="Select ID and Password"
onClick="checkPassword(′pwForm′,′pwField′)">
checkPassword()函数在pwchecker.js中定义。第二个.js文件pwpolicy.js指定口令策略。
// Passwordchecker
// This is the main password checking function.
function checkPassword(formName,passwordFieldName) {
pw = window.document.forms[formName].elements[passwordFieldName].value
if(checkPasswordLength(pw))
if(checkPasswordCharsAllowed(pw))
if(checkMinPasswordChars(pw))
window.document.forms[formName].submit();
}
// Check to make sure the password is at least minChars characters long.
function checkPasswordLength(pw) {
if(pw.lengthalert("Your password is less than "+minChars+" characters!")
alert("You must choose a password that is at least "+minChars+" characters in length.")
return false
}
return true
}
// Check to make sure that all of the characters in the password are allowed.
function checkPasswordCharsAllowed(pw) {
for(var i=0;ivar ch = pw.charAt(i);
if((isAlpha(ch) && !lettersAllowed)) {
alert("Your password contains a letter!")
alert("Letters are not allowed in passwords.")
return false
}else if(isNumber(ch) && !numbersAllowed) {
alert("Your password contains a number!")
alert("Numbers are not allowed in passwords.")
return false
}else if(isSpecial(ch) && !specialAllowed) {
alert("Your password contains a special character!")
alert("Special characters are not allowed in passwords.")
return false
}else if(!isAlpha(ch) && !isNumber(ch) && !isSpecial(ch)) {
alert("Your password contains a non-printable character!")
alert("Non-printable characters are not allowed in passwords.")
return false
}
}
return true
}
// Check to make sure the password has the required number of alphabetic, numeric, and
// special characters.
function checkMinPasswordChars(pw) {
var alpha = 0
var numeric = 0
var special = 0
for(var i=0;ivar ch = pw.charAt(i)
if(isAlpha(ch)) ++alpha
else if(isNumber(ch)) ++numeric
else if(isSpecial(ch)) ++special
}
var errMsg = "Your password does not contain the minimum number "
if(alpha < minLetters) {
errMsg += "(" + minLetters + ") "
errMsg += "of alphabetic characters!"
alert(errMsg)
return false
}else if(numeric < minNumbers) {
errMsg += "(" + minNumbers + ") "
errMsg += "of numeric characters!"
alert(errMsg)
return false
}else if(special < minSpecial) {
errMsg += "(" + minSpecial + ") "
errMsg += "of special characters!"
alert(errMsg)
return false
}
return true
}
// Functions used for character identification.
function isAlpha(ch) {
if(ch >= "a" && ch <= "z") return true
if(ch >= "A" && ch <= "Z") return true
return false
}
function isNumber(ch) {
if(ch >= "0" && ch <= "9") return true
return false
}
function isSpecial(ch) {
var special = new Array("!",""","#","$","%","&","′","(",")","*","+",",","-",".","/",
":",";","<","=",">","?","@","[","\","]","^","_","`","{","|","}","~")
for(var i=0;iif(ch == special[i]) return true
return false
}
// Password policy
var minChars = 8
var lettersAllowed = true
var numbersAllowed = true
var specialAllowed = true
var minLetters = 1
var minNumbers = 1
var minSpecial = 1