Azure / azure-dev

A developer CLI that reduces the time it takes for you to get started on Azure. The Azure Developer CLI (azd) provides a set of developer-friendly commands that map to key stages in your workflow - code, build, deploy, monitor, repeat.
https://aka.ms/azd
MIT License

Evaluate database(Cosmos, Azure SQL etc) security of all templates #1142

Open jongio opened 1 year ago

TWolverson commented 1 year ago

I would like to mention in this context that https://github.com/Azure-Samples/todo-csharp-sql effectively disables the SQL firewall by adding an allow-all rule, which is not mentioned anywhere in the readme. Given that this is going to be taken as a reference solution, I'd argue this is effectively putting a bomb in code that people will trust is aligned to best practices, which it very much is not.
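An allow-all rule on an Azure SQL server is a `Microsoft.Sql/servers/firewallRules` resource spanning `0.0.0.0` to `255.255.255.255`, whereas the special `0.0.0.0`-`0.0.0.0` rule only admits traffic from Azure services. The following scanner is an added example (not code from the todo-csharp-sql template or from azd) that walks a Bicep file, classifies each SQL firewall rule by the size of its address range, and reports the ones a reviewer should question. The Bicep text, the symbolic names in it and the "wider than a /16" threshold are constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample Bicep modelling the pattern described in the comment above:
# one allow-all rule, one Azure-services-only rule, one narrow office range.
SAMPLE_BICEP = """
resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
  name: 'sql-example'
  location: location
}

resource allowAll 'Microsoft.Sql/servers/firewallRules@2022-05-01-preview' = {
  parent: sqlServer
  name: 'AllowAll'
  properties: {
    startIpAddress: '0.0.0.0'
    endIpAddress: '255.255.255.255'
  }
}

resource allowAzure 'Microsoft.Sql/servers/firewallRules@2022-05-01-preview' = {
  parent: sqlServer
  name: 'AllowAllWindowsAzureIps'
  properties: {
    startIpAddress: '0.0.0.0'
    endIpAddress: '0.0.0.0'
  }
}

resource officeRange 'Microsoft.Sql/servers/firewallRules@2022-05-01-preview' = {
  parent: sqlServer
  name: 'office'
  properties: {
    startIpAddress: '203.0.113.10'
    endIpAddress: '203.0.113.20'
  }
}
"""

FIREWALL_TYPE = "Microsoft.Sql/servers/firewallRules"
RESOURCE_RE = re.compile(
    r"resource\s+(\w+)\s+'" + re.escape(FIREWALL_TYPE) + r"@[^']*'\s*=\s*\{"
)
# Only literal string values are recognised; expressions fall through as "unparsed".
PROP_RE = re.compile(r"(startIpAddress|endIpAddress)\s*:\s*'([^']*)'")
WIDE_THRESHOLD = 2 ** 16  # assumed policy: anything wider than a /16 needs justification


@dataclass
class Finding:
    symbol: str
    start: str
    end: str
    verdict: str  # 'allow-all', 'wide', 'azure-services', 'ok' or 'unparsed'


def _block_end(text, open_idx):
    """Index of the '}' matching the '{' at open_idx (simple brace counting)."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return i
    raise ValueError("unbalanced braces in Bicep source")


def classify(start, end):
    """Classify a start/end IPv4 pair by how much of the internet it admits."""
    s = int(ipaddress.IPv4Address(start))
    e = int(ipaddress.IPv4Address(end))
    if s > e:
        raise ValueError(f"start {start} is after end {end}")
    if s == 0 and e == 0:
        return "azure-services"  # Azure's sentinel for 'allow Azure services', not the internet
    span = e - s + 1
    if span == 2 ** 32:
        return "allow-all"
    if span > WIDE_THRESHOLD:
        return "wide"
    return "ok"


def scan_bicep(text):
    """Return a Finding for every SQL firewall rule resource in the Bicep text."""
    findings = []
    for m in RESOURCE_RE.finditer(text):
        open_idx = m.end() - 1
        body = text[open_idx : _block_end(text, open_idx) + 1]
        props = dict(PROP_RE.findall(body))
        start, end = props.get("startIpAddress"), props.get("endIpAddress")
        if start is None or end is None:
            # Value is an expression or parameter; flag for manual review rather than guess.
            findings.append(Finding(m.group(1), start or "?", end or "?", "unparsed"))
            continue
        findings.append(Finding(m.group(1), start, end, classify(start, end)))
    return findings


def risky(findings):
    """The subset a reviewer should block on: allow-all and very wide rules."""
    return [f for f in findings if f.verdict in ("allow-all", "wide")]


if __name__ == "__main__":
    for f in scan_bicep(SAMPLE_BICEP):
        print(f"{f.symbol:12} {f.start:>15} - {f.end:<15} {f.verdict}")
```

Running it over the sample prints `allowAll` as `allow-all`, `allowAzure` as `azure-services` and `officeRange` as `ok`; a template that wires `startIpAddress` to a parameter rather than a literal comes back as `unparsed`, which is the right place to stop and read the template by hand rather than trust a regex.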

tonyeung commented 1 year ago

Also consider adding how the password generation works in the security section. https://github.com/Azure/azure-dev/issues/994 has the source code. From what I'm reading, azd calls this command internally, always expects a kv name and key, looks up the secret using the key provided from kv, and if it exists, returns it; else it generates a new one and returns that.
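The get-or-generate flow described above, as an added example that is not azd's own code: a secret is looked up in a named vault by key, returned unchanged if present, and otherwise generated from a CSPRNG, stored, and returned. The in-memory vault, the vault registry and the complexity rule (one lower, one upper, one digit, one symbol, so the value also satisfies typical SQL password policy) are assumptions made for the example; the real Key Vault client and the exact azd command are not reproduced here.

```python
import secrets
import string

SYMBOLS = "!#$%&*+-=?@^_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


class InMemoryVault:
    """Constructed stand-in for a Key Vault client exposing get/set of named secrets."""

    def __init__(self):
        self._secrets = {}

    def get_secret(self, name):
        return self._secrets.get(name)

    def set_secret(self, name, value):
        self._secrets[name] = value


def generate_password(length=32):
    """Draw from a CSPRNG; reject candidates missing a character class."""
    if length < 4:
        raise ValueError("length must allow one character from each class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (
            any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SYMBOLS for c in pw)
        ):
            return pw


def get_or_create_secret(vaults, vault_name, key, length=32):
    """Return the existing secret for key in the named vault, or generate and store one.

    vaults: mapping of vault name -> vault client (assumed registry for the example).
    """
    vault = vaults[vault_name]  # both a vault name and a key are required
    existing = vault.get_secret(key)
    if existing is not None:
        return existing  # stable across repeated deployments
    new_value = generate_password(length)
    vault.set_secret(key, new_value)
    return new_value


if __name__ == "__main__":
    registry = {"kv-example": InMemoryVault()}
    first = get_or_create_secret(registry, "kv-example", "sqlAdminPassword")
    second = get_or_create_secret(registry, "kv-example", "sqlAdminPassword")
    print("same value on second call:", first == second)
```

The property worth checking is that a second call with the same vault and key returns the first value rather than rotating it, since a password that changed on every `azd provision` would silently break anything holding the old one.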

rajeshkamal5050 commented 1 year ago

Not a must-fix for GA. Moving to Germanium.

Since Bicep-related efforts, i.e., moving bicep modules (azure-dev -> awesome-azd), following best practices, and moving into the bicep registry, will be handled in Germanium.

@savannahostrowski @ellismg