Geek Answers Handbook

Password restrictions in SQL Server and MySql

Does MySql 5.1 and SQL Server 2008 (web edition, standard) have any functional password restrictions other than length restrictions? Are metacharacters of any form bad ideas to use, such as punch, pipe, hash, any slash, carrots, etc.?

I know that MySql 5.1 has a password length limit of 16 characters, which is hard-coded, but I was wondering if any metacharacters (like non alphanumerics) are a bad idea to use? And is this true in SQL Server 2008, Standard Web Editor?

So specifically: can characters like:

/ `~>:} {[] ^ used successfully?

I would hope that this does not matter for the database, but I do not understand enough about the storage of passwords in corporate database systems, but I know for sure, and I was looking for confirmation or explanation.

+4
source share
4 answers
mysql> create user test identified by '/`~>:}{[]^'; Query OK, 0 rows affected (0.13 sec)

yes - you can log in with this command line:

  C:\Documents and Settings\rbouman2>mysql -utest -h127.0.0.1 -P3351 -p Enter password: **********

I tried to enter the password immediately after -p, but it did not work for windows - it thinks that I want to call more if I do this. but I am 100% sure on the windows shell. MySQL itself considers this to be a valid password.

+4
source

All of these characters are good at SQL Server passwords, but the documents for backup are sketchy.

The MSDN documentation on the SQL Server password means that any character, including whitespace, is allowed in SQL Server passwords, but if it contains a space, it must be restricted in T-SQL statements.

Microsoft SQL Server passwords can contain up to 128 characters, including letters, characters, and numbers. Because logical names, user names, roles, and passwords are often used in Transact-SQL statements, some characters must be enclosed in double quotation marks (") or square brackets ([]). Use these delimiters in Transact-SQL statements when SQL Logon , user, role, or password have the following characteristics:

  • Contains or begins with a space character.

  • Starts with a $ or @ character.

The MSDN documentation in the password policy explicitly confirms the following characters :! $ #%

And, as you already know, in the same documentation it is strongly recommended to use passwords "as long as possible and harder."

+4
source

Beware, even though MYSQL can work, your php / http daemon / .htaccess can do some wierdness for req, before passing them, I had a password with ($ and!) And it did NOT work with php- mysql, but the DID works from the console ... 8 characters. $ db_pass = "($ JlKl1!"; and what you know, it fails. change the password to "test". and bam, it works. Change the password to something ridiculously long (and completely devoid of "$" or "! "Or" ("), and it also worked.

0
source

In my experience, this is a backslash \ and a single quote ' , which you want to avoid in the MySQL password. From my tests, the following special characters look good:

 !@ #$%^&*:./?=+-_[]{}()<>

In addition, 32-character passwords are also suitable for use.

0
source

More articles:


All Articles