Thanks for the feedback. I had read that MD5 collisions were becoming more common, but hadn't realized that NIST had declared it unsecure. SHA-256 and SHA-512 are good alternatives for now.
The .NET code for validation can be as simple as a FOR...NEXT loop comparing your string character by character, a Regular Expression or it can take advantage of the ASP Validators. Here's a very simple example of a FOR...NEXT loop to validate a username consists of only the characters "A" - "Z" and "a" - "z", as I alluded to:
Function ValidUser(s As String) As Boolean
Dim f As Boolean = True
s = s.ToUpper()
For i = 0 To s.Length - 1
If (s.Substring(i, 1) < "A" OrElse s.Substring(i, 1) > "Z") Then
f = False
.NET has several built-in validators that can be used also to validate input to various degrees; I assume you're talking about the RequiredFieldValidator in your post. To use, just drag the RequiredFieldValidator onto the form next to the Password text box, and change the properties as follows:
1. Set .ControlToValidate to Password.
2. Set the .Text property to a descriptive message, such as "Password Required".
T-SQL validation could also be performed using a loop, as alluded to. Here's a UDF that can be called from within a SQL SP:
CREATE FUNCTION dbo.udf_ValidUserName(@s VARCHAR(255))
DECLARE @i INTEGER
SET @i = 1
DECLARE @result CHAR(1)
SET @result = 'T'
SET @s = UPPER(@s)
WHILE @i <= LEN(@s)
IF (SUBSTRING(@s, @i, 1) < 'A' OR
SUBSTRING(@s, @i, 1) > 'Z')
SET @result = 'F'
SET @i = @i + 1