11g client, 10g database
March 12, 2008 - 10am Central time zone
Reviewer: A reader
Tom,
If I have a user running 11g client and connecting to a 10g database, the passwords will not be
case sensitive. Is this correct?
Thanks
Followup March 12, 2008 - 5pm Central time zone:
10g was not case sensitive, correct.
March 12, 2008 - 11am Central time zone
Reviewer: A reader
no it won't be case sesitive- but it is unusual to connect from higher version client to a db of
lower version
Followup March 12, 2008 - 5pm Central time zone:
no, not today - not with application servers wanting the newest jdbc drivers and whatnot available.
I would say 10 years ago, that might have been true - as updating thousands of clients was hard, and the clients used to lag way behind.
Now that the clients are application servers - they are tending to actually start to run ahead in many cases.
11g only case sensitive
March 12, 2008 - 11am Central time zone
Reviewer: Ian Gallacher from Scotland
Hi
New parameter introduced in 11G release
sec_case_sensitive_logon
which defaults to TRUE when you install the database!
simply
alter system set sec_case_sensitive_logon=False
to return to normal !
Ian
Not available in previous releases
11g client, 10g database
March 13, 2008 - 1pm Central time zone
Reviewer: A reader
Tom,
You hit the nail right on the head. The reason we want to connect to a 10g database from 11g client is that we want latest version of .Net drivers on the application servers. The drivers are available with 11g client.
There was a time when we used to follow the "client has to be lesser or equal version to the database" rule. Now Oracle provides so many new features which allow co-hosting of different client versions, allows applications to use different driver versions on the same host and provides backward client compatibility with database versions.
I guess it is part of the evolving technology that we have to change the rules with time.
Thanks...
What case will existing passwords be after upgrade?
May 1, 2009 - 3pm Central time zone
Reviewer: Mike from Cleveland, OH USA
Is there any way to know whether passwords will be upgraded as uppercase, lowercase, or 'however it
was originally typed'?
Suppose I know that I am currently be able to use
MYPASSWORD
mypassword
MyPassWord
and they are all accepted when connecting to a 10g database. It is certainly possible that the
password was originally typed as mYpASSwORD, even, but I really don't have any way to find out.
What will the the password be after upgrading the database to 11g?
Followup May 2, 2009 - 12pm Central time zone:
they were always rolled to uppercase in the past
Passwords after migrating to 11g
May 6, 2009 - 9pm Central time zone
Reviewer: Mike from Cleveland, OH USA
I found the following in the 11g Upgrade Companion:
In Oracle Database 11g password are case sensitive. In previous versions the passwords are not
case sensitive. This feature is enabled by the initialization parameter sec_case_sensitive_logon
that is TRUE by default. Setting sec_case_sensitive_logon to FALSE disables the case sensitive
feature. After migrating the Oracle database from previous versions the existing user passwords are
case-insensitive until users change it.
So it sounds like this scenario has already been planned for. It also describes a new column DBA_USERS.PASSWORD_VERSIONS to show under which database versions the password has been set (and, therefore, to indicate whether case-sensitivity is appropriate).
sec_case_sensitive not working properly
June 30, 2011 - 1am Central time zone
Reviewer: KC from Philippines
the sec_case_sensitive parameter seems not to work on one of our databases.
SQL> conn MYUSER/MYPASSWORD@MYDB101
Connected.
SQL> conn myuser/mypassword@mydb101
Connected.
SQL> sho parameter case_sensitive
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
sec_case_sensitive_logon boolean TRUE
is there any other parameter that i should set?
Followup July 1, 2011 - 8am Central time zone:
http://download.oracle.com/docs/cd/E11882_01/network.112/e16543/authentication.htm#DBSEG3225
<quote>
In previous releases of Oracle Database, passwords were not case sensitive. If you import user accounts from a previous release, for example, Release 10g, into the current database release, the case-insensitive passwords in these accounts remain case insensitive until the user changes his or her password. </quote>
sounds like a legacy account that hasn't changed their password yet.
sec_case_sensitive not working properly
June 30, 2011 - 2am Central time zone
Reviewer: KC from Philippines
by the way, this is the version of my database
SQL> select * from v$version
2 /
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
PL/SQL Release 11.2.0.2.0 - Production
CORE 11.2.0.2.0 Production
TNS for HPUX: Version 11.2.0.2.0 - Production
NLSRTL Version 11.2.0.2.0 - Production
Logins failing, but only from Forms running under OC4J
September 21, 2011 - 10am Central time zone
Reviewer: Chuck from Salem, OR
We just migrated to database version 11.1.0.7 fom 10.1.0.4, and newly added employees were having
trouble running their Forms under OC4J. While they are able to connect to the database within Forms
Builder, when they try to run the form they received an "invalid username/password" error, and then
they receive a popup asking for username/password (pre-filled with their username, and database
instance).
By setting the SEC_CASE_SENSITIVE_LOGON parameter to FALSE, everything starts working for them.
Since the production database has been running with SEC_CASE_SENSITIVE_LOGON set to TRUE without
problem, I'd like to keep it in place. So that means trying to figure out how to get OC4J to work
for newly added users (or, for people who change their passwords). Any suggestions?
Followup September 21, 2011 - 12pm Central time zone:
I'd try quoted identifiers quick to see if that fixes it - that would confirm that the forms app is rolling things to upper case by default..
"myusername"/"mypassword"
(sorry, I don't have any forms installs or anything to play with...)
Forms Patch
September 21, 2011 - 3pm Central time zone
Reviewer: Stephen from UT USA
There is an oracle patch to fix this problem.
Forms Bundle Patch 9593176 for forms 10.1.2.3.
Followup September 21, 2011 - 10pm Central time zone:
thanks much, i just don't work with forms at all - not really at all since about 1995 when this "internet" thingy started to catch on myself...
SYS password is still case sensitive
March 7, 2012 - 9am Central time zone
Reviewer: Gary from Atlanta, GA
I have just installed Oracle 11g R2 and took care of setting sec_case_sensitive_login as FALSE. It
seems to have applied to all but my SYS user's password. Is SYS an exception or is it any user that
connects as SYSDBA?
Followup March 7, 2012 - 7pm Central time zone:
you'd have to sync up the external password file.
the password file is used to verify remote sysdba logins, it is maintained when you "alter user identified by". the next time you alter the user to change the password, this will take place.
|