In Oracle 11g password is case sensitive and the default login failure attempts are set to 10 at the database level.
In Oracle 10g and before we all know that passwords are not case sensitive, so PASSWORD, Password, password would let you in and are all the same.
If you upgrade to Oracle 11g (I know lot of you are waiting for 11gR2), you will find that passwords are case sensitive. Here is an example of case sensitive passwords.
$>sqlplus user/user@mydb1
SQL*Plus: Release 11.2.0.1.0 Production on Wed Apr 28 11:04:00 2010
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
Lets try to connect with a upper case password now...
$>sqlplus user/user@mydb1
SQL*Plus: Release 11.2.0.1.0 Production on Wed Apr 28 11:04:00 2010
Copyright (c) 1982, 2009, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
So what does this mean to apps running with 91 or 10g, that get to run against a 11g database have to make sure that the password set in it's configuration files is using the correct case.
You can also revert to 9i/10g behavior by changing the database-level parameter sec_case_sensitive_logon parameter to FALSE (its TRUE by default)
alter system set sec_case_sensitive_logon=FALSE;
Also, if you are using DEFAULT profile, it will inherit max login attempts to 10 which is the DEFAULT for 11g databases.
You can set it to an acceptable number by the following:
alter system set sec_max_failed_login_attempts=20 scope=spfile;
You need a database bounce for the above..
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment