Toad World® Forums

Users password with reguired double quotes

Hi,

Also again a question about version differences between 12.1 and 13.2.
In the version 12.1 i could make a user with special characters %!$ etc. But now in version 13.2 i got an error message with "Double quotes are required for an object named "password1!".

It is on the same Oracle database. Oracle 11.2.0.4 or 12.1.0.2.0 there is no difference.

Any options for bypassing it.

Hello,

Wrapping the user to be created in double quotes should have the same effect. For example a user of %! should be created as "%!" which will create a user of %!$.
image

Edit - Our forum software is stripping out the dollar sign in part of my message but it's there.

Mike

Hi Mike,

I mean when i create a user in version 12 i could create a user with special characters without any error in Toad. But now in version 13 i got the error message. The same statement is using on a Oracle 11 database or a Oracle 12 database to create the user.
example:
CREATE USER TEST
IDENTIFIED BY Changing1!
DEFAULT TABLESPACE DATA
TEMPORARY TABLESPACE TEMP
PROFILE DEFAULT
ACCOUNT UNLOCK;

Gr. Jan

You can't create a user with that password without double-quotes even in SQL*Plus.

image

I guess you are using the "Create User" window (at first I thought you were just trying to run the SQL in the Editor).

At the very least, the error message is not good and will be fixed.

I need to do some testing to make sure that we're doing the right thing by requiring the user to specify the double quotes. We may have changed that when Oracle went from case-insensitive passwords to case-sensitive passwords.

Evening All,

having just recently had to rewrite some old code to generate secure
passwords - GDPR and all that - I can say that the only special
characters that Oracle permit in a password are:

  • The hash/pound/number sign '#'.
  • The Underscore '_'.
  • The dollar sign '$'.

Everything else will be permitted - but not necessarily legal - if and
only if there are double quotes around the password.

A word of warning, especially as this one bit be on the backside some
years ago, do not ever thing of using the at sign '@' in a password.

The password system we had to use back then generated passwords and was
not Oracle savvy. One user got a password generated with an '@' in it.
This was fine in certain GUIs but on the command line, attempting to:

sqlplus my_username/my@password@my_alias

caused no end of problems - as you can imagine:

  • The username was ok.
  • The password was assumed to be 'my'.
  • The tns_alias was taken to be 'password@my_alias'.

It simply did not work!

HTH

PS. https://github.com/NormanDunbar/generatePassword if anyone is
interested.

1 Like

@j.dekker Sorry I am just now trying this....but for me, using Toad 13.2, the password is just double-quoted automatically, and there is no error.

I only see one problem in this window. Here are the steps to reproduce it:

  • Go to Options -> Oracle -> General
  • Set "Double Quote Object Names" to ALL
  • In the Create User window, create a user named BOB, password can be anything (special chars not a factor)
  • The I get the message "Double-quotes are required for an object named BOB"

Note: this is actually a problem in all of the windows to create database objects.

This is a bug and I'll fix it. The workaround would be to just set the double-quote option back to one of the other choices.

If you have any additional info about how to reproduce the error you originally reported, please let me know.

Hi JohnDorlon,

Tanks for the feedback and i'll wait for the fix. And in the meantime use the workaround.

Gr. Jan

Hi JohnDorlon,

I question: can you tell me when the fix is published to download/installing.

ps. i made another question for automation designer where i made a app for checking through db_health_check several db's. In previous version there was a connecting to the database first and than the check was running, then connecting to the other db and then running the check. Now in version 13.2 there is firt connecting to all the database and when conected to all the databases the check is running per database . This takes also more time and i can't check if the password is correct for a database.

Can you help me als with this

Thx Jan

Both problems will be fixed in the next beta.

oké, thx
we will still use the old version and wait for the beta