Security enhancement proposal - Powershell module password complexity flag
TL;DR as this originated from a ticket - When a RoyalTS document is created via powershell, the module does not enforce the password complexity requirements as specified in the application settings/JSON (Makes sense)
The issue is that if you set a password that does not satisfy the "PolicyDoNotAllowWeakDocumentPasswords" policy, when you open that document created via Powershell within the application, it does not check if the password is compliant with the policy. This means that despite the policies being in place, you have no way to actually control if users are securing their documents adequately.
From discussion on the ticket, having a check when the document on unlock of the password vs the policy could be CPU intensive and severely degrade the performance.
Instead of this, I propose that when the Powershell module sets/creates the password, it would be best if it internally of the module checked the password vs zxcvbn and just adds a property to the document so that when RoyalTS goes to open the document, it just has to check if that flag is good enough, and then when opened, enforce a new password.
Ideally the Powershell module being just built into the installer and leveraging the policy's would be the best solution but I realise this is a major task
thanks for the feedback. As mentioned in the ticket, it's not so easy to implement this kind of stuff in our PowerShell cmdlets. Let's keep this thread open and see if other users are also interested or have ideas how it can be implemented easily.