Friday Jan 06, 2012

Enabling Case-Sensitive Passwords with E-Business Release 12

Password security and complexity is often a concern for security and audit teams.  With the recent release of patch 12964564, Oracle E-Business Suite Release 12.1.1 with a minimum database level of 11gR1 now supports password case sensitivity.  Let's review this database feature in greater detail.  

Password case sensitivity was introduced with Oracle Database 11gR1.  Passwords were not case sensitive in earlier versions.  For Oracle database versions prior to 11gR1, the passwords "Manager", "MANAGER", and "manager" were all equivalent.  In an 11gR1 database and higher with password case sensitivity turned on, each of these passwords, "Manager", "MANAGER" and "manager" are unique passwords with unique hash values.  

Password case sensitivity is turned on by default for any newly created 11gR1 or higher database .  The database parameter for this feature is SEC_CASE_SENSITIVE_LOGON:

  • When this parameter is set to TRUE, password case sensitivity is enabled.
  • When set to FALSE, it is disabled.  
The DBA_USERS view now has a PASSWORD_VERSIONS column that indicates the database release in which the password was created or last modified. 

If you have migrated from a prior database version to 11gR1 and SEC_CASE_SENSITIVE_LOGON is set to true, the default behavior is as follows:
  • Existing users must first initiate a password change for password case sensitivity to be enforced
  • New users created in the 11g database will automatically use password case sensitivity 

The following example on a generic database -- not an E-Business Suite database -- illustrates how the password case sensitivity feature works in 11g.

First, a new user, "newuser1",  is created in an 11g database.

Next, information from the DBA_USERS view is displayed.

The following shows behavior of a migrated 10g user, "system" and an newly created 11g user, "newuser1" when password case sensitivity is disabled.

Finally, the following  shows behavior of a migrated 10g user, "system" and an newly created 11g user, "newuser1" when password case sensitivity is enabled.


For instructions on how to enable password case sensitivity with EBS R12.1.1 running on the 11gR1 Database and higher, please refer to the following MOS documentation:

Related Articles

About

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
4
5
6
7
8
9
10
11
12
13
14
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today