Re: RE: password complexity -- implementing security changes

Agreed.

Of course, SOME of these rules can be circumvented with appropriate use of quotes. Or perhaps more accurately, probably all of these rules can be circumvented at least some of the time.

Sadly, when it comes time to actually *use* the passwords, some contexts (e.g., Pro*C) don't permit you to use quotes...

The one that particularly caused me trouble with Pro*C, if I recall (it was 3 years ago) had something like 3 consecutive '/' characters. As I recall, one or two would actually have been okay.

I can definitely see "@" causing trouble, too.

• Original Message ----- From: "Baumgartel, Paul" <paul.baumgartel_at_credit-suisse.com> Date: Friday, March 3, 2006 1:38 pm Subject: RE: password complexity -- implementing security changes

> An Oracle password has the following rules:
> A password must begin with an alphabetic character.
> Passwords can contain only alphanumeric characters and the
> underscore (_), dollar sign ($), and pound sign (#).
>
> So your @s, your /s, and your ^s are problematic from the get-go.
>
> Paul Baumgartel
> paul.baumgartel_at_credit-suisse.com
> 212.538.1143
>
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org
> [oracle-l-bounce_at_freelists.org]On Behalf Of MARK BRINSMEAD
> Sent: Friday, March 03, 2006 3:22 PM
> To: jkstill_at_gmail.com
> Cc: venu_potluri_at_ml.com; rjamya_at_gmail.com; wbfergus_at_usgs.gov;
> oracle-l_at_freelists.org
> Subject: Re: password complexity -- implementing security changes
>
>
> Okay, so why is *that* a problem? After all,
> last time I checked, Oracle database passwords
> were case-insensitive anyway...
>
> Special characters, on the other hand, *can* be a
> problem. I seem to recall even SQL*Plus giving
> me considerable grief with a password that
> contained "/" characters... No wait; it was a
> Pro*C application.
>
>
>
> ----- Original Message -----
> From: Jared Still <jkstill_at_gmail.com>
> Date: Friday, March 3, 2006 12:30 pm
> Subject: Re: password complexity -- implementing security changes
>
> >
> >
> > One thing the verify_function cannot do is enforce upper or
> lower
> > case.Try it, case doesn't matter.
> >
> > While on the subject, be careful with those special characters.
> >
> > Some applications do not like them.
> >
> > Net Backup for instance will not work if there is a @ or ^ in the
> > passwordfor the account used to do backups.
> >
> >
> >
> > Jared Still
> > Certifiable Oracle DBA and Part Time Perl Evangelist
> >
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>
> ==============================================================================
> Please access the attached hyperlink for an important electronic
> communications disclaimer:
>
> http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
> ==============================================================================
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

--
http://www.freelists.org/webpage/oracle-l