feat: enforce strong DB password values

Artyom Kartasov requested to merge 530-validate-passwords into master

Description

Enforce strong DB password values during clone creation.

The password must have sufficient (60 bits) entropy (raw cryptographic strength of the password). A password with 60 bits of entropy has 2^60 (or about 1.15 quintillion) possible combinations.

This MR doesn't load large datasets, and doesn't contact external services. So, keep in mind that the rules don't protect against common passwords or PWNed passwords.

Related issue

Examples

Weak password

$ dblab clone create --username john --password 123
2023/08/21 06:26:52 failed to get response: password validation: insecure password, try including more special characters, using lowercase letters, using uppercase letters or using a longer password

Strong password

$ dblab clone create --username john --password Ae6ua1ahoog7Aisi
{
    "id": "cjhhjj0n9i6s738qaoe0",
    "protected": false,
    "deleteAt": null,
    "createdAt": "2023-08-21T08:01:16Z",
    "status": {
        "code": "OK",
        "message": "Clone is ready to accept Postgres connections."
    },
    "db": {
        "connStr": "host=localhost port=6001 user=john dbname=postgres",
        "host": "localhost",
        "port": "6001",
        "username": "john",
        "password": "",
        "dbName": ""
    },
    "snapshot": {
        "id": "oldest5@snapshot_20230821075549",
        "createdAt": "2023-08-21T07:57:15Z",
        "dataStateAt": "2023-08-21T07:55:49Z",
        "pool": "oldest5",
        "numClones": 1,
        "physicalSize": "0 B",
        "logicalSize": "71 MiB"
    },
    "metadata": {
        "cloningTime": 0.668200092,
        "maxIdleMinutes": 30,
        "cloneDiffSize": "186 KiB",
        "logicalSize": "71 MiB"
    }
}

Checklist

  • MR description has been reviewed
  • MR changes are functionally tested
  • MR does NOT have API/CLI changes OR there are API/CLI changes and they have been reviewed & DOCS ARE ADJUSTED (reference doc, etc)
  • MR does NOT have UI changes OR there are UI changes and they have been reviewed & UX IS REVIEWED

Closes #530

Edited by Artyom Kartasov
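The 60-bit threshold from the description and the two dblab runs in the Examples section, worked through as an added Go example. This is not Database Lab's own validator: the function names (`classify`, `EntropyBits`, `Validate`, `joinHints`), the per-class pool sizes (26 lowercase, 26 uppercase, 10 digits, 32 symbols) and the choice to estimate entropy as length times log2 of the pool size are all assumptions made here; only the threshold and the hint wording are taken from the MR text.

```go
package main

import (
	"fmt"
	"math"
	"strings"
	"unicode"
)

// MinEntropyBits is the threshold stated in the MR description (60 bits).
const MinEntropyBits = 60.0

// classes records which character classes appear in a password.
type classes struct {
	lower, upper, digit, special bool
}

// classify walks the password once and flags each class it finds.
// Anything that is not a letter or digit is counted as "special".
func classify(pw string) classes {
	var c classes
	for _, r := range pw {
		switch {
		case unicode.IsLower(r):
			c.lower = true
		case unicode.IsUpper(r):
			c.upper = true
		case unicode.IsDigit(r):
			c.digit = true
		default:
			c.special = true
		}
	}
	return c
}

// poolSize is the size of the smallest alphabet that covers every class
// present. The per-class sizes (26/26/10/32) are assumptions for this
// example, not values taken from the project.
func (c classes) poolSize() int {
	n := 0
	if c.lower {
		n += 26
	}
	if c.upper {
		n += 26
	}
	if c.digit {
		n += 10
	}
	if c.special {
		n += 32
	}
	return n
}

// EntropyBits estimates raw brute-force entropy as length * log2(pool),
// i.e. log2 of the number of strings of that length over that alphabet.
func EntropyBits(pw string) float64 {
	pool := classify(pw).poolSize()
	if pool == 0 {
		return 0
	}
	return float64(len([]rune(pw))) * math.Log2(float64(pool))
}

// Validate returns nil when the estimate reaches MinEntropyBits, otherwise an
// error whose hint list follows the wording of the dblab message shown above.
func Validate(pw string) error {
	bits := EntropyBits(pw)
	if bits >= MinEntropyBits {
		return nil
	}
	c := classify(pw)
	var hints []string
	if !c.special {
		hints = append(hints, "including more special characters")
	}
	if !c.lower {
		hints = append(hints, "using lowercase letters")
	}
	if !c.upper {
		hints = append(hints, "using uppercase letters")
	}
	hints = append(hints, "using a longer password")
	return fmt.Errorf("insecure password (%.1f bits, need %.0f), try %s",
		bits, MinEntropyBits, joinHints(hints))
}

// joinHints renders "a, b or c" in the style of the CLI message.
func joinHints(h []string) string {
	if len(h) == 1 {
		return h[0]
	}
	return strings.Join(h[:len(h)-1], ", ") + " or " + h[len(h)-1]
}

func main() {
	for _, pw := range []string{"123", "Ae6ua1ahoog7Aisi", "aaaaaaaaaaaaa"} {
		fmt.Printf("%-18s %5.1f bits  err=%v\n", pw, EntropyBits(pw), Validate(pw))
	}
}
```

With these pool sizes, `123` scores about 10 bits (3 digits over a 10-symbol pool) and is rejected with the same four hints the CLI prints, while `Ae6ua1ahoog7Aisi` scores about 95 bits (16 characters over a 62-symbol pool) and passes. The third input shows the caveat the description makes explicit: a pool-based estimate gives `aaaaaaaaaaaaa` roughly 61 bits and accepts it, because the rule measures alphabet and length, not whether the value is a common or already-leaked password.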