
Re: password complexity -- implementing security changes

From: Stephane Faroult <sfaroult_at_roughsea.com>
Date: Fri, 03 Mar 2006 22:25:35 +0100
Message-ID: <4408B44F.8070400@roughsea.com>


Actually, passwords are treated by Oracle exactly as identifiers (note the 30-character limit) ... and like identifiers, they become case sensitive and allow basically any character when specified between double quotes.
In the old days when database link passwords were visible through data dictionary tables, I have secured a few database links by using characters such as backspaces in my passwords ...

Stephane Faroult

Baumgartel, Paul wrote:

>An Oracle password has the following rules:
>A password must begin with an alphabetic character.
>Passwords can contain only alphanumeric characters and the underscore (_), dollar sign ($), and pound sign (#).
>
>So your @s, your /s, and your ^s are problematic from the get-go.
>
>Paul Baumgartel
>paul.baumgartel_at_credit-suisse.com
>212.538.1143
>
>
>-----Original Message-----
>From: oracle-l-bounce_at_freelists.org
>[mailto:oracle-l-bounce_at_freelists.org]On Behalf Of MARK BRINSMEAD
>Sent: Friday, March 03, 2006 3:22 PM
>To: jkstill_at_gmail.com
>Cc: venu_potluri_at_ml.com; rjamya_at_gmail.com; wbfergus_at_usgs.gov;
>oracle-l_at_freelists.org
>Subject: Re: password complexity -- implementing security changes
>
>
>Okay, so why is *that* a problem? After all,
>last time I checked, Oracle database passwords
>were case-insensitive anyway...
>
>Special characters, on the other hand, *can* be a
>problem. I seem to recall even SQL*Plus giving
>me considerable grief with a password that
>contained "/" characters... No wait; it was a
>Pro*C application.
>
>
>
>----- Original Message -----
>From: Jared Still <jkstill_at_gmail.com>
>Date: Friday, March 3, 2006 12:30 pm
>Subject: Re: password complexity -- implementing security changes
>
>
>
>>One thing the verify_function cannot do is enforce upper or lower
>>case. Try it, case doesn't matter.
>>
>>While on the subject, be careful with those special characters.
>>
>>Some applications do not like them.
>>
>>Net Backup for instance will not work if there is a @ or ^ in the
>>password for the account used to do backups.
>>
>>
>>
>>Jared Still
>>Certifiable Oracle DBA and Part Time Perl Evangelist
>>
>>
>>

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Mar 03 2006 - 15:25:35 CST
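
The rules discussed in this thread, as an added example that is not part of any poster's message or of Oracle's code: a pre-check that tells whether a candidate password can be given unquoted, needs double quotes, or is unusable, and flags the characters the posters report as breaking client tools. The helper name `classify_password`, the `Verdict` type, and the rule that a double quote or NUL cannot be embedded (carried over from quoted identifiers) are assumptions.

```python
import re
from dataclasses import dataclass, field

# Rules as the thread states them (Oracle circa 2006); not taken from Oracle's code.
MAX_LEN = 30  # identifier-style length limit mentioned in the reply
UNQUOTED_OK = re.compile(r"[A-Za-z][A-Za-z0-9_$#]*\Z")
# Characters the posters report as breaking client tools.
TOOL_HOSTILE = {
    "@": "NetBackup (reported in thread)",
    "^": "NetBackup (reported in thread)",
    "/": "Pro*C application (reported in thread)",
}

@dataclass
class Verdict:
    form: str  # "unquoted", "quoted" or "invalid"
    reasons: list = field(default_factory=list)
    tool_warnings: list = field(default_factory=list)

def classify_password(pw: str) -> Verdict:
    """Classify a candidate password (hypothetical helper, constructed for this example)."""
    if not pw:
        return Verdict("invalid", ["empty password"])
    if len(pw) > MAX_LEN:
        return Verdict("invalid", [f"longer than {MAX_LEN} characters"])
    # Assumption: as with quoted identifiers, a double quote or NUL cannot be embedded.
    if '"' in pw or "\x00" in pw:
        return Verdict("invalid", ["contains a double quote or NUL"])
    v = Verdict("unquoted")
    if not UNQUOTED_OK.match(pw):
        v.form = "quoted"  # must be written between double quotes
        if not pw[0].isascii() or not pw[0].isalpha():
            v.reasons.append("does not begin with an alphabetic character")
        bad = sorted({c for c in pw if not re.match(r"[A-Za-z0-9_$#]", c)})
        if bad:
            v.reasons.append("characters outside A-Z 0-9 _ $ #: " + " ".join(map(repr, bad)))
    for c in sorted(set(pw)):
        if c in TOOL_HOSTILE:
            v.tool_warnings.append(f"{c!r}: {TOOL_HOSTILE[c]}")
        elif ord(c) < 32 or ord(c) == 127:
            v.tool_warnings.append(f"{c!r}: control character, cannot be typed at a prompt")
    return v

if __name__ == "__main__":
    for sample in ["Summer_2006#", "9lives", "p@ss/word", "abc\bdef", "x" * 31]:  # constructed
        print(repr(sample), classify_password(sample))
```

Reserved words are not checked, and the length test counts characters as the thread does.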
