11g_new_case_sensitive_password


Upload: guenadi-jilevski

Post on 09-Apr-2018


Page 1: 11g_new_case_sensitive_password

8/7/2019 11g_new_case_sensitive_password

http://slidepdf.com/reader/full/11gnewcasesensitivepassword 1/2

11g New Features - Case-sensitive passwords

Probably a long overdue feature... though one could have implemented the same using a password verify function in earlier releases, it was necessitated by compliance with industry-wide data security standards.

Starting with 11g, case-sensitive passwords are automatically enforced.

Here is how to implement the case-sensitive passwords feature:

SQL> create user GJILVSKI identified by GJILVSKI;

User created.

SQL> grant create session to GJILVSKI;

Grant succeeded.

SQL> connect GJILVSKI/gjilevski@db11g
ERROR:
ORA-01017: invalid username/password; logon denied

Warning: You are no longer connected to ORACLE.
SQL> connect GJILVSKI/GJILVSKI@db11g
Connected.
SQL>

See the difference: since the user was created with an upper-case password, the lower-case password was not accepted when connecting as "GJILVSKI". Had it been 10g, you would easily get connected. So now, "GJILVSKI", "gjilevski" and "GJilevski" are different passwords.

However, Oracle has also provided an initialization parameter to disable case-sensitive passwords, i.e. to go back to the old behaviour of 10g and prior versions.

SQL> show parameter SEC_CASE_SENSITIVE_LOGON 

NAME                                 TYPE        VALUE
------------------------------------ ----------- ---------
sec_case_sensitive_logon             boolean     TRUE

SQL> ALTER SYSTEM set SEC_CASE_SENSITIVE_LOGON=FALSE scope=both;

System altered.

SQL> show parameter SEC_CASE_SENSITIVE_LOGON 

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
sec_case_sensitive_logon             boolean     FALSE

And now see the difference...

SQL> conn GJILVSKI/gjilevski@db11g
Connected.

SQL> conn GJILVSKI/[email protected]

So it would connect irrespective of case. A new column, "PASSWORD_VERSIONS", has been added to the "DBA_USERS" view to indicate the database version in which the password was created or changed.

SQL> select username,PASSWORD_VERSIONS from dba_users;

USERNAME                       PASSWORD
------------------------------ --------
.....
SCOTT                          10G 11G
GJILVSKI                       10G 11G

According to the documentation, if a database was migrated from 10g then it would have both "10G", "11G" in it.

One can also enforce case-sensitive passwords for SYSDBA users. Use the "ignorecase" argument while creating password files using the "ORAPWD" utility. The default value for "ignorecase" is "n", and you can set it to "y" to enable case-sensitive passwords.

e.g. $ orapwd file=orapw entries=5 ignorecase=y

So if you plan to upgrade to 11g, make sure you change passwords to adhere to case-sensitivity, and ensure that you also change any scripts which have inconsistent password cases.
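One way to find such scripts before the upgrade, as an added example that is not part of the original document: the Python below scans script text for SQL*Plus logons and reports accounts whose embedded passwords differ only in case. The function name, the file names and the sample passwords are constructed for illustration, and it assumes logons are written as user/password@alias.

```python
import re
from collections import defaultdict

# SQL*Plus style logons: connect / conn / sqlplus [flags] USER/PASSWORD@ALIAS
LOGON_RE = re.compile(
    r"\b(?:connect|conn|sqlplus)\s+(?:-\S+\s+)*"  # command, optional flags such as -s
    r"(?P<user>[A-Za-z][\w$#]*)/(?P<pw>[^\s@\"']+)@(?P<db>[\w.\-]+)",
    re.IGNORECASE,
)

def find_case_conflicts(scripts):
    """scripts maps file name -> file text.
    Returns a sorted list of (USER, alias, [(file, line_no), ...]) for every
    account whose embedded passwords match when case is ignored but are not
    identical. Only locations are returned, never the passwords themselves."""
    seen = defaultdict(lambda: defaultdict(list))  # (user, alias) -> password -> places
    for name, text in scripts.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for m in LOGON_RE.finditer(line):
                # User names and aliases are compared case-insensitively.
                key = (m["user"].upper(), m["db"].lower())
                seen[key][m["pw"]].append((name, line_no))
    conflicts = []
    for (user, db), by_pw in seen.items():
        folded = defaultdict(set)  # lower-cased password -> spellings actually used
        for pw in by_pw:
            folded[pw.lower()].add(pw)
        for variants in folded.values():
            if len(variants) > 1:  # worked on 10g, at most one spelling works on 11g
                places = sorted(loc for pw in variants for loc in by_pw[pw])
                conflicts.append((user, db, places))
    return sorted(conflicts)

# Constructed sample scripts (not taken from any real system).
SAMPLE_SCRIPTS = {
    "nightly_load.sql": "connect GJILVSKI/GJILVSKI@db11g\nselect 1 from dual;\n",
    "report.sh": "#!/bin/sh\nsqlplus -s gjilvski/gjilvski@db11g @report.sql\n",
    "purge.sql": "conn SCOTT/Tiger_1@db11g\n",
    "archive.sql": "conn scott/Tiger_1@DB11G\n",
}

if __name__ == "__main__":
    for user, db, places in find_case_conflicts(SAMPLE_SCRIPTS):
        where = ", ".join(f"{f}:{n}" for f, n in places)
        print(f"{user}@{db}: password case differs between {where}")
```

Each reported location needs its password aligned with the case used when the account's password was set.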

Reference: Oracle® Database Security Guide 11g Release 1 (11.1), Part Number B28531-04