In Earlier releases password was not case sensitive.
The case sensitive feature is default feature for Oracle 11g databases. Of course this feature can be enabled/disabled with an initialization parameter SEC_CASE_SENSITIVE_LOGON
SQL> SHOW PARAMETER SEC_CASE_SENSITIVE_LOGON NAME TYPE VALUE ------------------------------------ ----------- ---------------------------- sec_case_sensitive_logon boolean TRUE SQL> ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = FALSE; System altered.
The case sensitive password functionality can be seen below.
SEC_CASE_SENSITIVE_LOGON initialization parameter is TRUE and creates a new user with a mixed case password. CONN / AS SYSDBA SQL> SHOW PARAMETER SEC_CASE_SENSITIVE_LOGON NAME TYPE VALUE ------------------------------------ ----------- ---------------------------- sec_case_sensitive_logon boolean TRUE SQL> CREATE USER testuser IDENTIFIED BY TestUser; SQL> GRANT CONNECT TO testuser;2. Trying to connect using different case passwords.
SQL> CONN testuser/TestUser Connected. SQL> CONN testuser/testuser ERROR: ORA-01017: invalid username/password; logon denied Warning: You are no longer connected to ORACLE. SQL>3. Changing the parameter SEC_CASE_SENSITIVE_LOGON to FALSE and we can connect.
CONN / AS SYSDBA ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = FALSE; SQL> CONN testuser/TestUser Connected. SQL> CONN testuser/TESTUSER Connected. SQL>An important point is that even when case sensitive passwords are not enabled, the original case of the password when it was created/modified is retained. Which means that the passwords case sensitivity can be used in subsequent settting of the parameter SEC_CASE_SENSITIVE_LOGON to TRUE
