Oracle Database 23ai Free - Auto-generated passwords sometimes include special characters
PaulNeumann opened this issue · 2 comments
As noted in the README.md file for the Oracle Database 23ai Free project, special characters in the SYS/SYSTEM/PDBADMIN password cause database creation to fail.
The install.sh script currently uses openssl rand -base64 to auto-generate the password if the user doesn't specify one. Using base64 sometimes causes the password to include special characters. Using openssl rand -hex prevents this problem.
I'll submit a PR with this change for your consideration.
For security, it would be better to allow special chars that are allowed, and only restrict the problematic ones like '@'. Or fix the DB creation steps to effectively quote the passwords used during creation. I haven't looked at what is failing, but on Linux, if SQL*Plus is being invoked from the shell, this can mean using backslashes before quotes to make sure the quotes are passed into SQL*Plus, which will then strip them:
sqlplus scott/\"mysecret@password\"
I agree, it would be better if special characters were allowed. Unfortunately, it's DBCA that's failing, which isn't something that this project has control over. The install.sh script does quote the password when passing it to the /etc/init.d/oracle-free-23ai configure script.
This issue first appeared in Oracle Database 23ai Free 23.4.0, and it's still present in 23.5.0. In prior versions through Oracle Database 23c Free 23.3.0, the configuration script allowed special characters in the password.
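A middle ground between the two generators discussed in this thread, as an added example that is not part of the thread or of the project's install.sh: it keeps `openssl rand -base64` as the source but rejects the three non-alphanumeric symbols base64 can emit (`+`, `/` and `=`), giving about 5.95 bits of entropy per character instead of the 4 bits per character of `-hex`. The function names `random_base64` and `gen_password` are hypothetical, and the example assumes the configuration step accepts mixed-case letters and digits.

```shell
#!/bin/sh
# Added example: alphanumeric-only password from a base64 random stream.
# random_base64 and gen_password are hypothetical helper names.

# Print base64 text encoding $1 random bytes from a CSPRNG.
random_base64() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 "$1"
    else
        # Fallback for hosts without openssl (assumption: coreutils present).
        head -c "$1" /dev/urandom | base64
    fi
}

# Print a password of $1 characters (default 16) drawn from A-Z a-z 0-9.
gen_password() {
    len=${1:-16}
    pw=''
    while [ "${#pw}" -lt "$len" ]; do
        # 48 bytes encode to exactly 64 base64 characters with no '='
        # padding. Each character is uniform over 64 symbols, so dropping
        # '+' and '/' (rejection sampling) leaves a uniform choice over
        # the remaining 62. tr also removes the trailing newline.
        chunk=$(random_base64 48 | LC_ALL=C tr -dc 'A-Za-z0-9')
        pw="$pw$chunk"
    done
    # Trim to the requested length.
    printf '%s\n' "$pw" | cut -c1-"$len"
}

# Return 0 if $1 contains any character outside A-Z a-z 0-9.
has_special() {
    case $1 in
        *[!A-Za-z0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}
```

At equal length this yields a stronger password than hex output while still containing no character outside the alphanumeric set.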