Enable Check Policy Option For Authenticated Logins

Description

Applies the same password complexity policy used in Windows to passwords used inside SQL Server.

Rationale

Ensure that passwords for SQL-authenticated logins comply with the secure password policy applied by the Windows Server Benchmark, so that they cannot be easily compromised by a brute-force attack.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                      With Value
secureclouddb/provider   aws
secureclouddb/service    rds
secureclouddb/engine     sqlserver

Default Rule

const { isEmptyArray } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true when no login sourced from
 *          sys.server_principals has 'check policy' explicitly set to false
 */
function validate(databaseSettings) {
    const success = isEmptyArray(databaseSettings.users) ||
                    isEmptyArray(
                        databaseSettings.users.filter(user =>
                            user.sqlserver &&
                            user.sqlserver.source === 'sys.server_principals' &&
                            user.sqlserver.isPolicyChecked === false))

    return {
        success
    }
}

validate(databaseSettings)
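
The default rule reports only pass or fail. The following added example (not part of the original rule) applies the same filter stand-alone and returns which logins fail; `isEmptyArray` is a stand-in for the engine-provided helper, and the `name` field and all sample records are constructed assumptions.

```javascript
// Stand-in for the helper the rule engine injects (assumption).
const isEmptyArray = (value) => Array.isArray(value) && value.length === 0;

// Same filter as the default rule: server-level logins whose
// 'check policy' flag is explicitly false.
function findUncheckedLogins(databaseSettings) {
    // Assumption: a missing users list is treated as "nothing to check".
    const users = Array.isArray(databaseSettings.users) ? databaseSettings.users : [];
    return users.filter(user =>
        user.sqlserver &&
        user.sqlserver.source === 'sys.server_principals' &&
        user.sqlserver.isPolicyChecked === false);
}

// Rule result plus the names of the offending logins for reporting.
// `name` is a hypothetical field, not shown in the original rule.
function validateWithDetails(databaseSettings) {
    const offenders = findUncheckedLogins(databaseSettings);
    return {
        success: isEmptyArray(offenders),
        offenders: offenders.map(user => user.name)
    };
}

// Constructed sample input covering the cases the filter distinguishes.
const sampleSettings = {
    users: [
        // Policy enforced: compliant.
        { name: 'app_rw', sqlserver: { source: 'sys.server_principals', isPolicyChecked: true } },
        // Policy disabled: the only record the rule flags.
        { name: 'legacy_etl', sqlserver: { source: 'sys.server_principals', isPolicyChecked: false } },
        // Different source (constructed value): outside the rule's scope.
        { name: 'report_user', sqlserver: { source: 'sys.database_principals', isPolicyChecked: false } },
        // Flag never collected: strict === false means this is NOT flagged.
        { name: 'unknown_state', sqlserver: { source: 'sys.server_principals' } },
        // No sqlserver block at all: skipped.
        { name: 'no_engine_data' }
    ]
};

console.log(validateWithDetails(sampleSettings));
```

Because the comparison is strict, a login whose `isPolicyChecked` value is missing passes the rule, so a clean result depends on the collector populating that field for every login.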