This content has been marked as final. Show 2 replies
You may also be interested to know that using special character in the internal administrator id will cause issues on 220.127.116.11 and 18.104.22.168 actually documented the characters you should NOT use. See http://docs.oracle.com/cd/E17236_01/epm.1112/epm_deploy_guide_1112200.pdf
I have also seen issues with the internal admin password when it was > 25 characters which caused the shared services migration utility to fail.
The moral of the story is "secure" passwords dont' always play well with software. Which I could see being a problem in the 1980's. With the advent of Unicode and it's ilk it's sad to see that arbitrary text is not properly escaped. I know I"m ranting to the choir though Charles ;).
Regards and Happy New Year!
John A. Booth
Yes it's amazing that there are still escaping issues and I do recall seeing the "characters not to use" document at one point or another. It does make your head hurt a bit. :)
The bigger looming issue; however, is the potential to exploit this from a security perspective. As we're wrapping up our year end close, I don't have the time to experiment with this more. Once we've closed our year out, I'm going to see if I can create any security holes using this as that might convince them to move past the "characters not to use" documents and perhaps start escaping things.