Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: password complexity -- implementing security changes
I too, was in "shock and awe" mode when I found this one out
Thankfully, I did not stick my foot in my mouth and tell TPTB this
incorrect info.
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Baumgartel, Paul
Sent: Friday, March 03, 2006 1:51 PM
To: oracle-l_at_freelists.org
Subject: RE: password complexity -- implementing security changes
Well, whaddya know. I wonder why the docs say one thing and the software does another...that NEVER happens! ;-)
Paul Baumgartel
paul.baumgartel_at_credit-suisse.com
212.538.1143
-----Original Message-----
From: Reidy, Ron [mailto:Ron.Reidy_at_arraybiopharma.com]
Sent: Friday, March 03, 2006 3:47 PM
To: paul.baumgartel_at_credit-suisse.com; oracle-l_at_freelists.org
Subject: RE: password complexity -- implementing security changes
While these password rules might be the "official rules", I believe they are of the legacy variety. I have passwords that:
None of these cause issues in our apps or using any Oracle client tools (both Oracle developed and 3rd party).
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Baumgartel, Paul
Sent: Friday, March 03, 2006 1:38 PM
To: oracle-l_at_freelists.org
Subject: RE: password complexity -- implementing security changes
An Oracle password has the following rules: A password must begin with an alphabetic character. Passwords can contain only alphanumeric characters and the underscore (_), dollar sign ($), and pound sign (#).
So your @s, your /s, and your ^s are problematic from the get-go.
Paul Baumgartel
paul.baumgartel_at_credit-suisse.com
212.538.1143
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of MARK BRINSMEAD
Sent: Friday, March 03, 2006 3:22 PM
To: jkstill_at_gmail.com
Cc: venu_potluri_at_ml.com; rjamya_at_gmail.com; wbfergus_at_usgs.gov;
oracle-l_at_freelists.org
Subject: Re: password complexity -- implementing security changes
Okay, so why is *that* a problem? After all, last time I checked, Oracle database passwords were case-insensitive anyway...
Special characters, on the other hand, *can* be a problem. I seem to recall even SQL*Plus giving me considerable grief with a password that contained "/" characters... No wait; it was a Pro*C application.
>
>
> One thing the verify_function cannot do is enforce upper or lower
> case.Try it, case doesn't matter.
>
> While on the subject, be careful with those special characters.
>
> Some applications do not like them.
>
> Net Backup for instance will not work if there is a @ or ^ in the
> passwordfor the account used to do backups.
>
>
>
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
>
-- http://www.freelists.org/webpage/oracle-l ======================================================================== ====== Please access the attached hyperlink for an important electronic communications disclaimer: http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html ======================================================================== ====== -- http://www.freelists.org/webpage/oracle-l This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system. ======================================================================== ====== Please access the attached hyperlink for an important electronic communications disclaimer: http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html ======================================================================== ====== -- http://www.freelists.org/webpage/oracle-l This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system. -- http://www.freelists.org/webpage/oracle-lReceived on Fri Mar 03 2006 - 14:57:55 CST