design over matter

I attended a session about securing your ColdFusion applications at MAX 2007 and decided to add password strength testing to one of my projects. It's a nifty trick. As the user types in their password, a message tells them if the password is weak, average or strong. I've seen this done with Javascript on the client side, but thought I'd take advantage of the new AJAX features of ColdFusion 8 to build mine.

Below is the code you'll add to your page.

When using CF-8JAX (my new term), I was getting javascript errors because the CFIDE directory was not mapped for that domain name. You can confirm the mapping is correct by going to http://www.mydomain.com/CFIDE/Administrator/ (this will pull up your ColdFusion Administrator screen.

If for some reason you can not map CFIDE, then you can upload the contents of the CFIDE/scripts directory into a directory on your server. For example. /js/cfscripts/ Then include the following cfajaxproxy tag in your page.

WARNING about this workaround. Any updates to ColdFusion may also update your javascript libraries. You'll need to copy the updated libraries into your custom directory as well.

Nothing special above, just a password input field.

Ok, here is where the magic happens. The function PasswordStrength is located in the file remote.cfc. I placed remote.cfc in the same directory, but you can place it anywhere. Just make sure you update the cfdiv tag to reflect the new location.

I pass the argument "password" into my function. I discovered the @keyup trick looking at some other blog posts. Now each time a new character is added the password strength is tested. Love this feature. You can also use @blur or @keypress. Along with the strength I give the user hints how to strengthen their password.

See an example or Download the code

Feedback always welcome. Let me know if you have improvement for my PasswordStrength function. Thanks!