[OWASP_PHPSEC] Hi

rahul chaudhary rahul300chaudhary400 at gmail.com
Thu Oct 10 02:08:54 UTC 2013


Hey Paulo,

I read your question again, and your issue that 2013-02-31 is coming true
is not really an issue.

The isDate() function inside BasicPasswordManagement is used to check if
the password contains date-like format in it. So, it doesn't matter if 31
Feb is coming true. :)


On Wed, Oct 9, 2013 at 10:04 PM, rahul chaudhary <
rahul300chaudhary400 at gmail.com> wrote:

> Hello Paulo,
>
> First of all, sorry for this late reply....
>
> Now, what you said about date is correct, but a correct date format was
> not the goal of this project at that time since we were bounded by time.
> So, this date issue is for next release. In ver 2, we will try to solve
> this date problem..
>
>
> What you said about 2013-02-31 is also true and I never thought of
> this....since you pointed it out, I will make an issue about this in github
> and then we will try to solve it. In the mean time, if you have a solution,
> then please correct the code and push it to the github. Thanks buddy for
> showing your interest in this project.
>
>
> On Sun, Oct 6, 2013 at 4:35 PM, Paulo Guerreiro <
> paulocmguerreiro at gmail.com> wrote:
>
>> Hi all,
>> I'm Paulo from Portugal and have just joined this project with hope to
>> contribute to the phpsec.
>>
>> I have been browsing the code to understand it's structure and found a
>> set of function, that i think it deserves it's own class.
>> I'm talking about:
>>     phpsec\BasicPasswordManagement::isDate
>>     phpsec\BasicPasswordManagement::containsDate
>>
>> Since the framework already has this functions built-in, why not exposed
>> it to the end developers (checking for dates, convert between formats, date
>> intervals and so on, it's a everyday task when dealing with dates).
>>
>> What do you guys think? this way we could provide a richer (better
>> controlled by the framework) api to the end developer?
>>
>> Now onto something usefull: Specially this two function could accept an
>> optional second parameter, something like an ENUN representing several
>> date formats. This would allow the developer checks if a date is valid and
>> has a preferred format.
>>
>> The syntax could be something like:
>>     isDate($string) : test all of the implemented formats (as it is)
>>     isDate($string, \phpsec\Date::DDMMYYYY) : test only this format
>>
>>
>> Lasty, this function triggers a false positive, it accepts dates out of
>> range such as 2013-02-31
>>
>>
>> Sorry for my long first post ... and hope you can understand my english :)
>>
>> Thanks
>> Paulo Guerreiro
>>
>>
>> _______________________________________________
>> OWASP_PHP_Security_Project mailing list
>> OWASP_PHP_Security_Project at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp_php_security_project
>>
>>
>
>
> --
> Regards,
> Rahul Chaudhary
> Ph - 412-519-9634
>



-- 
Regards,
Rahul Chaudhary
Ph - 412-519-9634
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20131009/3b1efe80/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list