11g New Features – Case-sensitive passwords
Probably a long-overdue feature… One could have implemented the same thing with a password verify function in earlier releases, but it became necessary for compliance with industry-wide data security standards. Starting with 11g, case-sensitive passwords are enforced automatically.
Here is how case-sensitive passwords behave in practice:
SQL> create user GJILVSKI identified by GJILVSKI;
User created.
SQL> grant create session to GJILVSKI;
Grant succeeded.
SQL> connect GJILVSKI/gjilvski@db11g
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> connect GJILVSKI/GJILVSKI@db11g
Connected.
SQL>
See the difference: since the user was created with an upper-case password, the lower-case password was rejected when connecting as “GJILVSKI”. Had it been 10g, you would easily get connected. So now “GJILVSKI”, “gjilvski” and “GJilvski” are different passwords.
However, Oracle also provides an initialization parameter to disable case-sensitive passwords, i.e. to go back to the old behaviour of 10g and prior versions.
SQL> show parameter SEC_CASE_SENSITIVE_LOGON
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
sec_case_sensitive_logon             boolean     TRUE
SQL> ALTER SYSTEM set SEC_CASE_SENSITIVE_LOGON=FALSE scope=both;
System altered.
SQL> show parameter SEC_CASE_SENSITIVE_LOGON
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
sec_case_sensitive_logon             boolean     FALSE
And now see the difference…
SQL> conn GJILVSKI/gjilvski@db11g
Connected.
SQL> conn GJILVSKI/GJILVSKI@db11g
Connected.
SQL>
So it connects irrespective of case. A new column, “PASSWORD_VERSIONS”, has been added to the “DBA_USERS” view to indicate the database version in which the password was created or changed.
SQL> select username,PASSWORD_VERSIONS from dba_users;
USERNAME                       PASSWORD
------------------------------ --------
…..
SCOTT                          10G 11G
GJILVSKI                       10G 11G
According to the documentation, if a database was migrated from 10g, then the column would show both “10G” and “11G”.
One can also enforce case-sensitive passwords for SYSDBA users. Use the “ignorecase” argument when creating password files with the “ORAPWD” utility. The default value for “ignorecase” is “n”, and you can set it to “y” to enable case-sensitive passwords.
e.g. $orapwd file=orapw entries=5 ignorecase=y
So if you plan to upgrade to 11g, make sure you change passwords to adhere to case sensitivity, and update any scripts that use passwords with inconsistent case.
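An audit query for the upgrade check described above, added here as an example and not taken from the original post or from Oracle's documentation. It assumes SELECT access to V$PARAMETER and DBA_USERS; the CASE_SENSITIVITY labels are illustrative text chosen for this example.

```sql
-- Added example: audit password case sensitivity before/after an 11g upgrade.
-- Assumes the session can query V$PARAMETER and DBA_USERS.

-- 1. Is case-sensitive logon enforced instance-wide?
--    FALSE means every account logs on case-insensitively,
--    whatever verifiers are stored for it.
SELECT name, value
FROM   v$parameter
WHERE  name = 'sec_case_sensitive_logon';

-- 2. Classify each account by the verifiers stored for it.
--    An account that holds only a 10G verifier keeps a case-insensitive
--    password until that password is changed on the 11g database.
SELECT username,
       account_status,
       password_versions,
       CASE
         WHEN password_versions LIKE '%11G%'
           THEN 'case-sensitive verifier present'
         WHEN password_versions LIKE '%10G%'
           THEN '10G verifier only: change password'
         ELSE 'no password verifier stored'
       END AS case_sensitivity
FROM   dba_users
ORDER  BY case_sensitivity, username;

-- 3. Summary: how many accounts fall into each verifier combination.
SELECT NVL(TRIM(password_versions), '(none)') AS verifiers,
       COUNT(*)                               AS accounts
FROM   dba_users
GROUP  BY NVL(TRIM(password_versions), '(none)')
ORDER  BY accounts DESC;
```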
Reference : Oracle® Database Security Guide 11g Release 1 (11.1) Part Number B28531-04