Passwords are Case Sensitive in Oracle11g

The passwords in Oracle11g are case sensitive. All new users created in the 11g database have case sensitive password by default. For databases upgraded from earlier releases, the passwords are not case sensitive for existing accounts. They become case sensitive when you change password. A new column PASSWORD_VERSIONS is added to DBA_USERS view. A value ‘10G 11G’ in this column indicates that case sensitivity is enforced for the account.
The PASSWORD column is still available in DBA_USERS view, it is not populated anymore. For external authenticated or global accounts, the PASSWORD column indicates such.


Disable Case Sensitive Passwords
Oracle11g has a new parameter to disable the password case sensitivity – SEC_CASE_SENSITIVE_LOGON. This parameter is set to TRUE by default. Change to FALSE for pre-Oracle11g password behavior. This parameter can be changed using ALTER SYSTEM.
The password file created using orapwd utility is also case sensitive by default. To make the password for SYS and SYSDBA/SYSOPER case insensitive, include flag ingnorecase=y in the command line.


DB Links
When connecting to an Oracle11g database with default SEC_CASE_SENSITIVE_LOGON using a database link from pre-11g database, make sure the database password in Oracle11g database is set up as ALL UPPERCASE. Pre-Oracle11g databases send password in uppercase for db link connections. For 11g to 11g, the password case must be the same; for 11g to pre-11g database, the password case does not matter.
To Pre-Oracle11g
To Oracle11g
From Pre-Oracle11g
Case does not matter
From Oracle11g
Case does not matter
Same case
Users with default passwords
Oracle11g has a new very useful view to list the database accounts that have default password – DBA_USERS_WITH_DEFPWD. This view has only one column – USERNAME. By default the Oracle system accounts and example accounts are locked in Oracle11g.



Leave a Reply

%d bloggers like this: