I’m using this to (try) to validate a ‘strong’ password in ColdFusion 7. if

Question

0

Asked: June 5, 20262026-06-05T19:01:36+00:00 2026-06-05T19:01:36+00:00

I’m using this to (try) to validate a ‘strong’ password in ColdFusion 7. if

0

I’m using this to (try) to validate a ‘strong’ password in ColdFusion 7.

if ( REFind("^(?=.*[A-Z])(?=.*[!@##$&*])(?=.*[0-9])(?=.*[a-z]).{6}$", myPassword, 1) EQ 0 )

However, it is failing. Can someone point out my error?

The criteria I think I’m testing is:

1 upper
1 lower
1 number
1 special char
6 digit min

Footnotes for non-CF people:

the double hash is to escape the CF hash;
ColdFusion uses Jakarta ORO 2.0.6 as its regex engine

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-05T19:01:37+00:00

Ok, well the set of criteria you’re trying to test on are bad.

For example, Pa$5word meets the criteria but is a bad choice, whilst my name |z NOT Fr£d is much stronger but fails (no numbers; different symbols).

Ideally you should look for and existing password strength checker (although I’ve no idea if there are any existing/good ones out there).

Anyhow, for a simple solution to what you’ve asked, that spells out exactly what is being checked, just do:

<cfif NOT 
    ( len(myPassword) GTE 6
    AND refind('[A-Z]',myPassword)
    AND refind('[a-z]',myPassword)
    AND refind('[0-9]',myPassword)
    AND refind('[!@##$&*]',myPassword)
     )>

There is no need/benefit to smushing it all into a single regex.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m using this to (try) to validate a ‘strong’ password in ColdFusion 7. if

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply