Change Password SQL needs to quote new password

Toad for Oracle - Beta
1

Howdy!

Subject about says it all -- the new password specified in the "Change Password" SQL needs to be in double quotes if the DB requires case-sensitive passwords. The old password appears to be in quotes in the SQL, but not the new one. (at least that's how I remember it to be from prior to the long Turkey Day weekend)

Thanks!
Rich

2

Hey Rich -

I just tried this and it's working fine for me. Can you give me an example of a password that it's not quoting but should? I tested with: jDorlon

Also: I tested it in Main Menu -> Session -> Change Password, and also in the "alter user" window. If you changed it some other way, let me know.

And, to be clear - for me, the double-quotes weren't added in the SQL, but when I logged in after changing my password, I had to type it in mixed case like that in the login window.

-John

3

The need for double-quotes is when a special character that is not _#$ is used. I don't believe it is a requirement for mixed-case passwords.

4

Hey John,

I've been trying to find a DB to test this on without messing up my current password because of the security restrictions on password reuse, etc. My password also contained a special character, but that also doesn't seem to affect anything.

Does the password change prompt on connecting to a "EXPIRED (GRACE)" account act differently? I'm not able to easily test that out at the moment...

Thanks!
Rich

5

Ahh....and I would have used a special character other than those. But I couldn't get it to bomb again...doh!

Rich

6

I just did the following:

  1. Log in as SYS and ran "alter user jdorlon password expire"
  2. Attempted to log in as jdorlon, got the "password expired" prompt and changed password to: J d !!! (spaces before and after the d. I did not type any double-quotes)
  3. Disconnected and reconnected, typing my password just like that in the login dialog, w/o any double-quotes. It connected fine.
  4. Disconnected and reconnected, typing my password in all lowercase - got the expected ORA-01017.

If you have any more info on how I can reproduce this, let me know.

7

Well, nertz. Apparently, it's a good idea to report potential issues right when they happen, instead of 5 days later when they are decidedly more difficult to remember. :blush:

If I manage to recreate it, I'll report back.

Thanks for checking on this!
Rich

1 Like
8

6 months (and multiple password changes) later, it has just happened again. This password change is a local account in a DBA-only PDB (Oracle v19.18).

  1. Logged into the PDB with my CDB common account that has DBA privs.
  2. SB->Users->Edit user.
  3. Typed in old password and the New/Verify new password fields.
  4. Click OK.
SQL> ALTER USER MYUSER IDENTIFIED BY "Woowie754!NewExclamation" REPLACE MyOld88Pwd!WithExcl
>> ALTER USER MYUSER IDENTIFIED BY "Woowie754!NewExclamation" REPLACE MyOld88Pwd!WithExcl
Error at line 2
ORA-00922: missing or invalid option
Script stopped on line 2.

All accounts and passwords have been munged to protect the innocent (and me, too!).

Seems like the password in the REPLACE also requires quotes, possibly for the exclamation as DougK mentioned all those months ago.

Rich

9

Thanks for the details. I'll get it fixed soon, most likely before another 6 months pass.

1 Like