Enabling Case-Sensitive Passwords with E-Business Release 12
By Elke Phelps-Development-Oracle on Jan 06, 2012
Password security and complexity is often a concern for security and audit teams. With the recent release of patch 12964564, Oracle E-Business Suite Release 12.1.1 with a minimum database level of 11gR1 now supports password case sensitivity. Let's review this database feature in greater detail.
Password case sensitivity was introduced with Oracle Database 11gR1. Passwords were not case sensitive in earlier versions. For Oracle database versions prior to 11gR1, the passwords "Manager", "MANAGER", and "manager" were all equivalent. In an 11gR1 database and higher with password case sensitivity turned on, each of these passwords, "Manager", "MANAGER" and "manager" are unique passwords with unique hash values.
Password case sensitivity is turned on by default for any newly created 11gR1 or higher database . The database parameter for this feature is SEC_CASE_SENSITIVE_LOGON:
- When this parameter is set to TRUE, password case sensitivity is enabled.
- When set to FALSE, it is disabled.
If you have migrated from a prior database version to 11gR1 and SEC_CASE_SENSITIVE_LOGON is set to true, the default behavior is as follows:
- Existing users must first initiate a password change for password case sensitivity to be enforced
- New users created in the 11g database will automatically use password case sensitivity
The following example on a generic database -- not an E-Business Suite database -- illustrates how the password case sensitivity feature works in 11g.
First, a new user, "newuser1", is created in an 11g database.
Next, information from the DBA_USERS view is displayed.
The following shows behavior of a migrated 10g user, "system" and an newly created 11g user, "newuser1" when password case sensitivity is disabled.
Finally, the following shows behavior of a migrated 10g user, "system" and an newly created 11g user, "newuser1" when password case sensitivity is enabled.
For instructions on how to enable password case sensitivity with EBS R12.1.1 running on the 11gR1 Database and higher, please refer to the following MOS documentation:
- Enabling the Oracle Database 11g Case-Sensitive Password Feature for Oracle E-Business Suite 12.1.1+ (Note 1581584.1)
- Database Initialization Parameters for Oracle E-Business Suite Release 12 (Note 396009.1)
- Oracle Application Object Library Release Notes for Release 12.1.3 (Note 1095283.1)