Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Special character in password Expand / Collapse
Author
Message
Posted Tuesday, June 25, 2013 11:41 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Tuesday, September 3, 2013 6:32 AM
Points: 136, Visits: 314
I wanted to find out for sure if what I experienced today with a password is a standard error or if something else is going on.
For a new user account the password was set with some alpha characters, a number and an "@"
The user could not log into the database from either application that was the reason for the user.
When the "@" was replaced in the password with another character the user could log in through both apps.
According to books online [see below] there are certain special characters listed that specifically cannot be used and there are examples of special characters that can be used. .... but the "@" sign is not listed in either set of characters.

So, my question is, would this be an application password limitation or a SQL Server login limitation?
Thank you for your insight!


FROM BOOKS ONLINE
Password complexity policies are designed to deter brute force attacks by increasing the number of possible passwords. When password complexity policy is enforced, new passwords must meet the following guidelines:

•The password does not contain all or part of the account name of the user. Part of an account name is defined as three or more consecutive alphanumeric characters delimited on both ends by white space such as space, tab, and return, or any of the following characters: comma (,), period (.), hyphen (-), underscore (_), or number sign (#).

•The password is at least eight characters long.

•The password contains characters from three of the following four categories:

◦Latin uppercase letters (A through Z)

◦Latin lowercase letters (a through z)

◦Base 10 digits (0 through 9)

◦Non-alphanumeric characters such as: exclamation point (!), dollar sign ($), number sign (#), or percent (%).

Passwords can be up to 128 characters long. You should use passwords that are as long and complex as possible.

Post #1467304
Posted Wednesday, June 26, 2013 7:34 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Tuesday, July 15, 2014 6:13 AM
Points: 307, Visits: 475
I have the @ symbol for several service users and it works fine. I would assume therefore that the problem is an application problem and not the database itself.

The second reason I think that it is the application, is that when Windows Authentication is the means by which SQL Server is accssed, Windows acceptable passwords would need to work. The @ symbol is acceptable within Windows and therefore should also be acceptable to SQL Server.
Post #1467648
Posted Wednesday, June 26, 2013 7:47 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 6:48 AM
Points: 7,094, Visits: 12,581
@ is acceptable in both SQL Server and Windows passwords. In the case of Windows Authentication, SQL Server will never even be sent the actual password as authentication is offloaded to Active Directory. Sounds like an application issue to me. Something in between the login screen/dialog and the database server the application is munging the password.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1467669
Posted Wednesday, June 26, 2013 8:56 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Monday, July 21, 2014 5:35 AM
Points: 69, Visits: 565
I've experienced this issue if the application is using a SQL login and the @ character is in the password. I could never get the application to connect properly so had to change the password (the application was running on a standalone legacy server so windows authentication wasn't an option)

Post #1467722
Posted Wednesday, June 26, 2013 11:24 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Tuesday, September 3, 2013 6:32 AM
Points: 136, Visits: 314
Thank you all for the replies.

The applications do connect using a SQL login [integrated Windows login is not supported by the application]

It is good to know that others have experienced the same issue.

I changed the passwords and all is working correctly now. Just a quirk to remember.
Post #1467797
Posted Thursday, June 27, 2013 2:15 AM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Monday, July 21, 2014 5:35 AM
Points: 69, Visits: 565
Yeah, I think it was how the application was parsing the connection string to get the password, as I could connect with the same username/password combo fine in SSMS, but the developers of the application couldn't provide much input, so hence changing the password was easier.
Post #1468002
Posted Thursday, June 27, 2013 5:41 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 6:48 AM
Points: 7,094, Visits: 12,581
Was it a Java app by chance?

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Post #1468094
Posted Thursday, June 27, 2013 8:43 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Tuesday, September 3, 2013 6:32 AM
Points: 136, Visits: 314
It was MS Dynamics GP direct connection and the connection through Scribe GP adapter.
Post #1468199
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse