Azure-Samples/MyDriving

Passwords not complex enough

Zordid opened this issue · 3 comments

Zordid commented

I try to run deploy.ps1, enter the two passwords and because NOTHING is said about the password rules, I simply take my favorite password.
But then:

New-AzureRmResourceGroupDeployment : 10:00:26 - Resource Microsoft.Sql/servers 'mydriving-dbserver-7up3tmzzuc7n6'
failed with message 'Password validation failed. The password does not meet policy requirements because it is not
complex enough.'
In C:\dev\MyDriving\scripts\PowerShell\deploy.ps1:144 Zeichen:16
+ ... ployment2 = New-AzureRmResourceGroupDeployment -Name "$DeploymentName ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.NewAzureResourceGroupDeploymentCommand

New-AzureRmResourceGroupDeployment : 10:00:27 - Resource Microsoft.Sql/servers 'mydrivingdbserver-7up3tmzzuc7n6'
failed with message 'Password validation failed. The password does not meet policy requirements because it is not
complex enough.'
In C:\dev\MyDriving\scripts\PowerShell\deploy.ps1:144 Zeichen:16
+ ... ployment2 = New-AzureRmResourceGroupDeployment -Name "$DeploymentName ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureRmResourceGroupDeployment], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.NewAzureResourceGroupDeploymentCommand

This is crappy. Can't you state the rules instead of dumping a dumb error like this? What rules does my password have to obey?

PiDiBi commented

strong passwords: https://msdn.microsoft.com/library/ms161962.aspx

powershell scripts are for administrators and there is expectation, that admins knows something about security

Zordid commented

This is an assumption - nice, of course. But each platform has its own specifications as to what they consider a strong password. So, a short text BEFORE asking for two passwords are surely helpful.

PiDiBi commented

short text with hint added to deployment script