Home » RDBMS Server » Server Administration » Passwords are not case sensitive!?!?
Passwords are not case sensitive!?!? [message #228616] Tue, 03 April 2007 08:30 Go to next message
t.summerfield
Messages: 39
Registered: March 2007
Location: UK
Member
Just realised the Oracle passwords I have setup are not case sensitive - Have Oracle ever heard of security!!

Did anyone else know this; or can you provide me with an explantaion as to why this is the case?

BTW using 10g R2 on win 2003.

Report message to a moderator

Re: Passwords are not case sensitive!?!? [message #228619 is a reply to message #228616] Tue, 03 April 2007 08:42 Go to previous messageGo to next message
ebrian
Messages: 2794
Registered: April 2006
Senior Member
That's correct. As far as I can remember, Oracle passwords have never been case sensitive. It's hard to believe at this stage in the game, Oracle hasn't incorporated this into the way they hash the password.

Report message to a moderator

Re: Passwords are not case sensitive!?!? [message #228630 is a reply to message #228616] Tue, 03 April 2007 09:26 Go to previous messageGo to next message
Michel Cadot
Messages: 68686
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

Password will be case sensitive only in 11g.
Remember Oracle RDBMS was created in 1977 and in this times its password algorithm was efficient enoiugh.
Now it is obsolete since many years but Oracle has to be backward compatible. This is the classical reason to keep obsolete features. Notice that in 11g, Oracle will keep old algorithm for already created user if you'll upgrade a database from an older version.

Regards
Michel

Report message to a moderator

Re: Passwords are not case sensitive!?!? [message #228633 is a reply to message #228630] Tue, 03 April 2007 09:30 Go to previous messageGo to next message
ebrian
Messages: 2794
Registered: April 2006
Senior Member
Michel Cadot wrote on Tue, 03 April 2007 10:26

Password will be case sensitive only in 11g.


Good to know Michel. Thanks.

Report message to a moderator

Re: Passwords are not case sensitive!?!? [message #228642 is a reply to message #228633] Tue, 03 April 2007 09:42 Go to previous messageGo to next message
Michel Cadot
Messages: 68686
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Moreover the new algorithm uses SHA-1 instead of the old DES (source: Pete Finnigan).

Regards
Michel

Report message to a moderator

Re: Passwords are not case sensitive!?!? [message #228673 is a reply to message #228616] Tue, 03 April 2007 11:33 Go to previous message
t.summerfield
Messages: 39
Registered: March 2007
Location: UK
Member
lol SHA-1 has major defects and was recently proved not to be 'that' secure........ Another step in the right direction for Oracle!!

Thanks for the input guys

Report message to a moderator

Previous Topic: how to rectify this error?
Next Topic: Oracle Express Server error - XPINSMGR-10531
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Sep 20 04:29:00 CDT 2024
.:: Forum Home :: Blogger Home :: Wiki Home :: Contact :: Privacy ::.