Currently, the Oracle Fusion Data Intelligence (FDI) platform enforces a strict password policy for the Data Validation user, which prohibits the use of any special characters (including commonly accepted secure characters like _ and -).
This restriction is outlined in Oracle documentation as:
“Ensure that the password for this user doesn’t contain any special characters or space.”
However, this limitation conflicts with industry-standard security policies, including ours, which require the use of at least one special character in all application credentials. It reduces password entropy, weakens compliance with security best practices (e.g. NIST, ISO 27001), and creates administrative burdens by forcing exceptions for FDI.
Impact:
- Weakens security posture due to mandatory use of simpler, less secure passwords
- Introduces inconsistency with organisation-wide password enforcement policies
- May cause obscure validation errors if the restriction is unintentionally violated (especially since the system does not explicitly reject the password at creation)
- Results in user frustration and troubleshooting overhead
Proposed Enhancement:
- Allow a safe subset of special characters, such as @, _, -, and !, in the Data Validation user password
- Clearly document which characters are supported and explicitly enforce validation during password setup
- Alternatively, allow organizations to configure allowable password policies via a parameter or governance setting
Business Justification:
This change would:
- Strengthen security by allowing complex, standards-compliant passwords
- Align with organizational security frameworks
- Reduce operational issues caused by unclear or overly restrictive password policies
We urge Oracle to prioritise this enhancement for improved security, usability, and compliance alignment.