Educause Security Discussion mailing list archives
Complex passwords and Oracle
From: "Geoffrey S. Nathan" <geoffnathan () WAYNE EDU>
Date: Mon, 15 Sep 2008 12:20:15 -0400
Apologies for cross-posting. We at Wayne State are in the process of implementing a strong password requirement of the usual sort (upper and lower case, numbers, eight characters etc.) We have just run into something that seems odd, and is simultaneously a policy and a technical issue. We run Banner, which has an Oracle component. Oracle’s password rules forbid certain characters (" / @ &), and requires that any password containing other non-alphanumerics be enclosed in quote marks--like "th!s". Although we elected not to require non-alphanumerics, this seems to actually forbid them, which strikes me as dumbing down any complexity requirement, and decreasing security. Has anyone else experienced this issue? Please reply to me off-list, as this may be a 'teaching granny to suck eggs' kind of question and I don’t want to take up others' bandwidth with it. Geoff Nathan Security Policy Coordinator, C&IT Wayne State University geoffnathan () wayne edu
Current thread:
- Complex passwords and Oracle Geoffrey S. Nathan (Sep 15)
- <Possible follow-ups>
- Re: Complex passwords and Oracle Randy Marchany (Sep 15)