SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Special character in password


Special character in password

Author
Message
Ellen-477471
Ellen-477471
SSC-Addicted
SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)

Group: General Forum Members
Points: 414 Visits: 314
I wanted to find out for sure if what I experienced today with a password is a standard error or if something else is going on.
For a new user account the password was set with some alpha characters, a number and an "@"
The user could not log into the database from either application that was the reason for the user.
When the "@" was replaced in the password with another character the user could log in through both apps.
According to books online [see below] there are certain special characters listed that specifically cannot be used and there are examples of special characters that can be used. .... but the "@" sign is not listed in either set of characters.

So, my question is, would this be an application password limitation or a SQL Server login limitation?
Thank you for your insight!


FROM BOOKS ONLINE
Password complexity policies are designed to deter brute force attacks by increasing the number of possible passwords. When password complexity policy is enforced, new passwords must meet the following guidelines:

•The password does not contain all or part of the account name of the user. Part of an account name is defined as three or more consecutive alphanumeric characters delimited on both ends by white space such as space, tab, and return, or any of the following characters: comma (,), period (.), hyphen (-), underscore (_), or number sign (#).

•The password is at least eight characters long.

•The password contains characters from three of the following four categories:

◦Latin uppercase letters (A through Z)

◦Latin lowercase letters (a through z)

◦Base 10 digits (0 through 9)

◦Non-alphanumeric characters such as: exclamation point (!), dollar sign ($), number sign (#), or percent (%).

Passwords can be up to 128 characters long. You should use passwords that are as long and complex as possible.
kevaburg
kevaburg
SSCarpal Tunnel
SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)SSCarpal Tunnel (4.2K reputation)

Group: General Forum Members
Points: 4187 Visits: 1025
I have the @ symbol for several service users and it works fine. I would assume therefore that the problem is an application problem and not the database itself.

The second reason I think that it is the application, is that when Windows Authentication is the means by which SQL Server is accssed, Windows acceptable passwords would need to work. The @ symbol is acceptable within Windows and therefore should also be acceptable to SQL Server.
Orlando Colamatteo
Orlando Colamatteo
SSC-Dedicated
SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)

Group: General Forum Members
Points: 36732 Visits: 14411
@ is acceptable in both SQL Server and Windows passwords. In the case of Windows Authentication, SQL Server will never even be sent the actual password as authentication is offloaded to Active Directory. Sounds like an application issue to me. Something in between the login screen/dialog and the database server the application is munging the password.

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
liteswitch
liteswitch
Old Hand
Old Hand (398 reputation)Old Hand (398 reputation)Old Hand (398 reputation)Old Hand (398 reputation)Old Hand (398 reputation)Old Hand (398 reputation)Old Hand (398 reputation)Old Hand (398 reputation)

Group: General Forum Members
Points: 398 Visits: 598
I've experienced this issue if the application is using a SQL login and the @ character is in the password. I could never get the application to connect properly so had to change the password (the application was running on a standalone legacy server so windows authentication wasn't an option)
Ellen-477471
Ellen-477471
SSC-Addicted
SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)

Group: General Forum Members
Points: 414 Visits: 314
Thank you all for the replies.

The applications do connect using a SQL login [integrated Windows login is not supported by the application]

It is good to know that others have experienced the same issue.

I changed the passwords and all is working correctly now. Just a quirk to remember.
liteswitch
liteswitch
Old Hand
Old Hand (398 reputation)Old Hand (398 reputation)Old Hand (398 reputation)Old Hand (398 reputation)Old Hand (398 reputation)Old Hand (398 reputation)Old Hand (398 reputation)Old Hand (398 reputation)

Group: General Forum Members
Points: 398 Visits: 598
Yeah, I think it was how the application was parsing the connection string to get the password, as I could connect with the same username/password combo fine in SSMS, but the developers of the application couldn't provide much input, so hence changing the password was easier.
Orlando Colamatteo
Orlando Colamatteo
SSC-Dedicated
SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)SSC-Dedicated (36K reputation)

Group: General Forum Members
Points: 36732 Visits: 14411
Was it a Java app by chance?

__________________________________________________________________________________________________
There are no special teachers of virtue, because virtue is taught by the whole community. --Plato
Ellen-477471
Ellen-477471
SSC-Addicted
SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)SSC-Addicted (414 reputation)

Group: General Forum Members
Points: 414 Visits: 314
It was MS Dynamics GP direct connection and the connection through Scribe GP adapter.
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search