Re: password complexity -- implementing security changes

  • From: Stephane Faroult <sfaroult@xxxxxxxxxxxx>
  • To: paul.baumgartel@xxxxxxxxxxxxxxxxx
  • Date: Fri, 03 Mar 2006 22:25:35 +0100

Actually, passwords are treated by Oracle exactly as identifiers (note the 30-character limit) ... and like identifiers, they become case sensitive and allow basically any character when specified between double quotes.
In the old days when database link passwords were visible through data dictionary tables, I have secured a few database links by using characters such as backspaces in my passwords ...


Stephane Faroult


Baumgartel, Paul wrote:

An Oracle password has the following rules: A password must begin with an alphabetic character. Passwords can contain only alphanumeric characters and the underscore (_), dollar sign ($), and pound sign (#).

So your @s, your /s, and your ^s are problematic from the get-go.

Paul Baumgartel
paul.baumgartel@xxxxxxxxxxxxxxxxx
212.538.1143


-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of MARK BRINSMEAD
Sent: Friday, March 03, 2006 3:22 PM
To: jkstill@xxxxxxxxx
Cc: venu_potluri@xxxxxx; rjamya@xxxxxxxxx; wbfergus@xxxxxxxx; oracle-l@xxxxxxxxxxxxx
Subject: Re: password complexity -- implementing security changes


Okay, so why is *that* a problem? After all, last time I checked, Oracle database passwords were case-insensitive anyway...

Special characters, on the other hand, *can* be a problem. I seem to recall even SQL*Plus giving me considerable grief with a password that contained "/" characters... No wait; it was a Pro*C application.



----- Original Message -----
From: Jared Still <jkstill@xxxxxxxxx>
Date: Friday, March 3, 2006 12:30 pm
Subject: Re: password complexity -- implementing security changes



One thing the verify_function cannot do is enforce upper or lower case. Try it, case doesn't matter.

While on the subject, be careful with those special characters.

Some applications do not like them.

Net Backup for instance will not work if there is a @ or ^ in the password for the account used to do backups.



Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist





--
//www.freelists.org/webpage/oracle-l
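
Added example, not part of any message in this thread: a pre-check for candidate passwords built from the rules the posters quote (unquoted form, 30-character limit, double quotes for anything else) and the characters they report trouble with. The function names and sample passwords are constructed, and Oracle behaviour is taken as the thread describes it.

```python
import re

# Rules as quoted in the thread: an unquoted password starts with a letter and
# contains only alphanumerics, "_", "$" and "#"; the limit is 30 characters.
UNQUOTED = re.compile(r"[A-Za-z][A-Za-z0-9_$#]*\Z")
MAX_LEN = 30
# Characters the posters report trouble with (NetBackup: @ and ^; Pro*C: /).
TOOL_RISK = {"@": "NetBackup", "^": "NetBackup", "/": "Pro*C"}


def check_password(pw):
    """Classify a candidate password against the rules discussed in the thread."""
    problems = []
    if not pw:
        problems.append("empty")
    if len(pw) > MAX_LEN:
        problems.append("longer than 30 characters")
    if '"' in pw or "\0" in pw:
        problems.append("contains a character not allowed inside double quotes")
    # Anything outside the unquoted rule set must be written between double quotes.
    needs_quotes = UNQUOTED.match(pw) is None
    warnings = sorted({f"{c!r} reported to break {TOOL_RISK[c]}"
                       for c in pw if c in TOOL_RISK})
    if any(not c.isprintable() for c in pw):
        warnings.append("non-printable character: cannot be typed at most prompts")
    return {"ok": not problems, "problems": problems,
            "needs_quotes": needs_quotes, "warnings": warnings}


def identified_by(pw):
    """Return the IDENTIFIED BY clause, double-quoted only when required."""
    result = check_password(pw)
    if not result["ok"]:
        raise ValueError("; ".join(result["problems"]))
    return f'IDENTIFIED BY "{pw}"' if result["needs_quotes"] else f"IDENTIFIED BY {pw}"


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ["Summer_2006#", "p@ss/w^rd", "9lives", "ab\x08cd"]:
        print(repr(sample), check_password(sample))
```

Running the check before a password change shows which service accounts would end up with a password that their backup or precompiled client, as reported above, cannot pass through.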

