> >You could use it to enforce all lowercase, or init caps. > >Jared
Hi Jared, You could do as you suggest and enforce all to lowercase or initcaps but what is the point?, Oracle is not case sensitive for passwords even when the password is set using quotes. See for example: SQL> connect system/[EMAIL PROTECTED] Connected. SQL> -- create a user no quotes lower case SQL> create user jared identified by jared; User created. SQL> select password from dba_users where username='JARED'; PASSWORD ------------------------------ C142CAC4DE964694 SQL> -- change the password, no quotes upper case SQL> alter user jared identified by JARED; User altered. SQL> select password from dba_users where username='JARED'; PASSWORD ------------------------------ C142CAC4DE964694 SQL> -- change the password, no quotes initcap SQL> alter user jared identified by Jared; User altered. SQL> select password from dba_users where username='JARED'; PASSWORD ------------------------------ C142CAC4DE964694 SQL> -- try now with quotes, upper case SQL> alter user jared identified by "JARED"; User altered. SQL> select password from dba_users where username='JARED'; PASSWORD ------------------------------ C142CAC4DE964694 SQL> -- with quotes, lower case SQL> alter user jared identified by "jared"; User altered. SQL> select password from dba_users where username ='JARED'; PASSWORD ------------------------------ C142CAC4DE964694 SQL> -- with quotes initcap SQL> alter user jared identified by "Jared"; User altered. SQL> select password from dba_users where username='JARED'; PASSWORD ------------------------------ C142CAC4DE964694 As yu can no doubt see the hash is the same no matter what case is used and also even if the password is encased in quotes. This seems to defy the logic of using quotes as doing so allows the use of any character such as: SQL> alter user jared identified by "£$%^"; User altered. SQL> select password from dba_users where username='JARED'; PASSWORD ------------------------------ 8248DF340D98455E SQL> connect jared/"£$%^"@zulia ERROR: ORA-01045: user JARED lacks CREATE SESSION privilege; logon denied Warning: You are no longer connected to ORACLE. SQL> connect system/[EMAIL PROTECTED] Connected. SQL> grant create session to jared; Grant succeeded. SQL> connect jared/"£$%^"@zulia Connected. SQL> why then if it allows the whole character set including control characters does it change make ASCII letters case insensitive? Anyway the point is from above the original OP cannot force a password to be case sensitive as Oracle does not recognise case for passwords. kind regards Pete -- Pete Finnigan email:[EMAIL PROTECTED] Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details. -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Pete Finnigan INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
