Toad World® Forums

Oracle connection issue with password containing special charaters

Hi All,

I’m facing a problem in connecting to oracle 10g with a password containing some special characters (double quote and dollar):




I can connect correctly using sqlplus and sql developper, but when I try with my toad data point I get the following error:

Invalid character in non-quoted parameter value
Stack Trace:
at Devart.Common.r.a(Hashtable A_0)
at Devart.Common.r…ctor(String A_0, Hashtable A_1, Boolean A_2)
at Devart.Data.Oracle.ce…ctor(String A_0)
at A_0, r A_1)
at Devart.Common.DbConnectionFactory.a(String A_0, r& A_1)
at Devart.Common.DbConnectionBase.set_ConnectionString(String value)
at Quest.Toad.Db.ConnectionProxy.Implementation.ConnectionImplementation…ctor(String fullType, String connectionString)
at Quest.Toad.Db.ConnectionProxy.ProxyConnection.ActualCreateConnection(Object[] parameters)

I tried escaping with backslash, double backslash, surrounding with apexes but nothing works.

Any idea?

Thanks in advance.


I verified this issue on my end and it is indeed a bug. I created QAT-6876 to fix.

Hi alessandro.folloni,

I went through this issue and based on official Oracle documentation for 10g and also for 12g double quotes (") are not allowed in password.

In 10g documentation (…/statements_8003.htm)::slight_smile:

The BY password clause lets you creates a local user and indicates that the user must specify password to log on to the database. Passwords can contain only single-byte characters from your database character set regardless of whether the character set also contains multibyte characters.

Passwords must follow the rules described in the section “Schema Object Naming Rules”, unless you are using the Oracle Database password complexity verification routine. That routine requires a more complex combination of characters than the normal naming rules permit. You implement this routine with the UTLPWDMG.SQL script, which is further described in Oracle Database Security Guide.

And Schema Object Naming Rules says (…/sql_elements008.htm:slight_smile:

Quoted identifiers can contain any characters and punctuations marks as well as spaces. However, neither quoted nor nonquoted identifiers can contain double quotation marks or the null character (\0).

In 12g doc (…/statements_8003.htm:slight_smile:

The BY password clause lets you creates a local user and indicates that the user must specify password to log on to the database. Passwords are case sensitive. Any subsequent CONNECT string used to connect this user to the database must specify the password using the same case (upper, lower, or mixed) that is used in this CREATE USER statement or a subsequent ALTER USER statement. Passwords can contain any single-byte, multibyte, or special characters, or any combination of these, from your database character set, with the exception of the double quotation mark (") and the return character. If a password starts with a non-alphabetic character, or contains a character other than an alphanumeric character, the underscore (_), dollar sign ($), or pound sign (#), then it must be enclosed in double quotation marks. Otherwise, enclosing a password in double quotation marks is optional.

Also I was not able to create user with password which contained double quotes ("). Dollar sign works correctly and I was also able to connect with user who has password containing these special sings: !%^@$*()_+~`-=[{]}|;:’,<.>/&#

I was able to create user with password which contains different double quotes, not that one included in Normal ASCII table with code 34 (") but from extended ASCII table (“). This extended ASCII sign is used for example by rich editors like Word, Outlook etc.

alter user user_name identified by ““and$”

Can you provide us which kind of double quotes (" or “) do you use and how did you create user with such password?

Also have you tried latest Toad Data Point 3.8 or latest Toad Data Point 4.0 Beta? Beta could be downloaded here…/

Thank you