Ticket #229 (closed defect: fixed)

Opened 19 months ago

Last modified 16 months ago

TLD Regex

Reported by: arantius-magicpassword@…
Owned by: t-bone
Priority: major
Component: Magic Password Generator
Version: 1.5
Severity: Broken
Keywords:
Cc:

Description

I examined the TLD regex in the bookmarklet to find out that it is a bit too simplistic. For ccTLDs it will use the same passwords for many sites.

E.g. for www.amazon.co.uk and www.bbc.co.uk the regex /[^.]*\.[^.]*$/ will generate "co.uk".

I would suggest the following regex (not tested):

/[^.]+\.(([^.]{2,3}\.)?[^.]{2}|[^.]{3,})$/

Rationale: If it ends with 3 chars or more it is not a ccTLD so the reduction is pretty much the original regex. If it ends with 2 chars it IS a ccTLD. In that case it is highly unlikely that the main domain will be 2-3 chars, so 2-3 chars are assumed to be part of the ccTLD (e.g. com.uk, ac.uk, org.uk, but not google.fr). So, for 2-3 chars we take *.123.uk, and for longer just *.fr like the original regex. We also have to have at least one char in the main domain.

Change History

Changed 19 months ago by arantius-magicpassword@…

The e.g. com.uk is wrong (not in the sense of the regex, but in the sense that it is co.uk). A better one is com.br, as in google.com.br.

Changed 19 months ago by arantius-magicpassword@…

Oh, and please note that the ! in the regex in the email version of this ticket is due to the wiki formatting escape and is not part of the regex :)

Changed 16 months ago by t-bone

Changing this logic is a bit dangerous. For anyone that doesn't understand how it is currently insufficient, but uses it anyway, it has the potential to "lock them out" of their account (now generating a different password, when picking a new host name, for the same site). Such a user is very unlikely to know why.

However, I agree that the current behavior is severely lacking, and the set of affected users is likely to be very small. I'm not a big fan of the very cryptic regex, however, so I've taken my own tack. I've picked a particular set of very common third-level domains, and I'll match "any of those-dot-two letters".

So this new approach currently maps:

original host            picks name
www.google.com           google.com
www.amazon.co.uk         amazon.co.uk
www.soundslike.be        soundslike.be
yardley.ca               yardley.ca
slashdot.org             slashdot.org
laian.com.es             laian.com.es
nightsky.jpl.nasa.gov    nasa.gov
signin.ebay.com          ebay.com
signin.ebay.de           ebay.de
signin.ebay.co.uk        ebay.co.uk

I believe this is basically: how it used to act, plus better third-level-domain handling.

Changed 16 months ago by t-bone

  • status changed from new to closed
  • resolution set to fixed

(In [500]) Fixes #229

  • Gracefully handle third-level (i.e. .co.uk) domain names.
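
The three approaches discussed in this ticket, compared on hosts from the thread; this is an added example, not part of the ticket or the project's code. The SECOND_LEVEL list, the owner labels and the two abc.zz hosts are assumptions constructed for illustration, since the set actually used in the fix is not shown here.

```javascript
// Regexes quoted in the ticket: the bookmarklet's original and the reporter's proposal.
const ORIGINAL = /[^.]*\.[^.]*$/;
const PROPOSED = /[^.]+\.(([^.]{2,3}\.)?[^.]{2}|[^.]{3,})$/;

// Assumption: stand-in for the "particular set of very common third-level
// domains" in the fix; the real set is not shown in the ticket.
const SECOND_LEVEL = ['co', 'com', 'org', 'ac'];
const ALLOWLIST = new RegExp(
  '[^.]+\\.(?:(?:' + SECOND_LEVEL.join('|') + ')\\.[^.]{2}|[^.]+)$');

// The string a generator would mix into the password for this host.
function siteKey(regex, host) {
  const m = regex.exec(host.toLowerCase());
  return m ? m[0] : host.toLowerCase();
}

// Keys shared by more than one distinct site: each one is a reused password.
// `sites` maps a host to a label for the organisation that owns it.
function sharedKeys(regex, sites) {
  const owners = new Map();
  for (const [host, owner] of Object.entries(sites)) {
    const key = siteKey(regex, host);
    if (!owners.has(key)) owners.set(key, new Set());
    owners.get(key).add(owner);
  }
  return [...owners].filter(([, o]) => o.size > 1).map(([key]) => key);
}

// Sites whose hosts map to different keys: a login moved to another host
// name would silently get a different password.
function splitSites(regex, sites) {
  const keys = new Map();
  for (const [host, owner] of Object.entries(sites)) {
    if (!keys.has(owner)) keys.set(owner, new Set());
    keys.get(owner).add(siteKey(regex, host));
  }
  return [...keys].filter(([, k]) => k.size > 1).map(([owner]) => owner);
}

// Hosts from the ticket, plus two constructed hosts with a 3-letter name
// under a 2-letter suffix (labels on the right are constructed).
const SITES = {
  'www.amazon.co.uk': 'amazon', 'www.bbc.co.uk': 'bbc',
  'signin.ebay.co.uk': 'ebay-uk', 'signin.ebay.de': 'ebay-de',
  'www.google.com': 'google', 'nightsky.jpl.nasa.gov': 'nasa',
  'www.abc.zz': 'abc', 'login.abc.zz': 'abc',
};

for (const [name, re] of Object.entries({ ORIGINAL, PROPOSED, ALLOWLIST })) {
  console.log(name, 'shared:', sharedKeys(re, SITES), 'split:', splitSites(re, SITES));
}
```

An allow-list only covers the labels it names; any other second-level suffix still falls through to the original two-label behaviour.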
