Good news for people who always wanted oracle schema passwords to be case sensitive.
Oracle has done this in 11g.
Just to show an example:
C:\Documents and Settings\sachin.arora>sqlplus "/ as sysdba"
SQL*Plus: Release 11.1.0.6.0 - Production on Fri Mar 28 15:02:56 2008
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> create user test identified by AroRa default tablespace users;
User created.
SQL> grant create session to test;
Grant succeeded.
SQL> connect test/arora
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> connect test/AroRa
Connected.
With 11g, Oracle has made significant changes in password maintenence algorithm.
The password verifier is based on 160 bit SHA-1 hashing algorithm. This empowers Oracle to not only allow case sensitive passwords, but also enable the users to keep a strong password that can include special characters.
For pre-11g users, when they migrate to 11g, their password still behave password insensitive. However, i feel its good to take the advantage of this useful feature and change the password.
For applications which cant afford to change their passwords for xyzee purpose, Oracle has supplied an init.ora i.e. SEC_CASE_SENSITIVE_LOGON that can be set to true/false.
Default value of this parameter is true which means passwords should be case sensitive.
1 comment:
Hi,
Note Id = 429465.1, can be the solution to avoid case sensitive password.
--X---SNIP--X-----X-----X---
Disabling Password Case Sensitivity
When you create or modify user accounts, by default, passwords are case sensitive. To control the use of case sensitivity in passwords for application-to-password file authentication, set the SEC_CASE_SENSITIVE_LOGON initialization parameter. Only users who have the SYSDBA or SYSOPER privilege can set the SEC_CASE_SENSITIVE_LOGIN parameter. Set it to TRUE to enable case sensitivity or FALSE to disable case sensitivity.
For greater security, Oracle recommends that you enable case sensitivity in passwords. However, if you have compatibility issues with your applications, you can use this parameter to disable password case sensitivity. Examples of application compatibility issues are passwords for your applications being hard-coded to be case insensitive, or different application modules being inconsistent about case sensitivity when sending credentials to start a database session.
Post a Comment