Change Password SQL needs to quote new password


Subject about says it all -- the new password specified in the "Change Password" SQL needs to be in double quotes if the DB requires case-sensitive passwords. The old password appears to be in quotes in the SQL, but not the new one. (at least that's how I remember it to be from prior to the long Turkey Day weekend)


Hey Rich -

I just tried this and it's working fine for me. Can you give me an example of a password that it's not quoting but should? I tested with: jDorlon

Also: I tested it in Main Menu -> Session -> Change Password, and also in the "alter user" window. If you changed it some other way, let me know.

And, to be clear - for me, the double-quotes weren't added in the SQL, but when I logged in after changing my password, I had to type it in mixed case like that in the login window.


The need for double-quotes is when a special character that is not _#$ is used. I don't believe it is a requirement for mixed-case passwords.

Hey John,

I've been trying to find a DB to test this on without messing up my current password because of the security restrictions on password reuse, etc. My password also contained a special character, but that also doesn't seem to affect anything.

Does the password change prompt on connecting to a "EXPIRED (GRACE)" account act differently? I'm not able to easily test that out at the moment...


Ahh....and I would have used a special character other than those. But I couldn't get it to bomb again...doh!


I just did the following:

  1. Log in as SYS and ran "alter user jdorlon password expire"
  2. Attempted to log in as jdorlon, got the "password expired" prompt and changed password to: J d !!! (spaces before and after the d. I did not type any double-quotes)
  3. Disconnected and reconnected, typing my password just like that in the login dialog, w/o any double-quotes. It connected fine.
  4. Disconnected and reconnected, typing my password in all lowercase - got the expected ORA-01017.

If you have any more info on how I can reproduce this, let me know.

Well, nertz. Apparently, it's a good idea to report potential issues right when they happen, instead of 5 days later when they are decidedly more difficult to remember. :blush:

If I manage to recreate it, I'll report back.

Thanks for checking on this!

1 Like