password limitations in SQL Server and MySql

Solution 1

 mysql> create user test identified by '/`~>:}{[]^';
 Query OK, 0 rows affected (0.13 sec)

yes - you can actually login now with this command line:

 C:\Documents and Settings\rbouman2>mysql -utest -h127.0.0.1 -P3351 -p
 Enter password: **********

I tried entering the password directly after -p, but that didn't work for windows - it thinks i want to invoke more if I do that. but I am 100% sure that's on the windows shell. MySQL itself feels this is a valid password.

Solution 2

All these characters are good in SQL Server passwords, but the docs to back it up are sketchy.

The MSDN documentation on SQL Server password strength implies that any symbol including whitespace characters is allowed in SQL Server passwords, but if it contains white space it must be delimited in T-SQL statements.

Microsoft SQL Server passwords can contain up to 128 characters, including letters, symbols, and digits. Because logins, user names, roles, and passwords are frequently used in Transact-SQL statements, certain symbols must be enclosed by double quotation marks (") or square brackets ([ ]). Use these delimiters in Transact-SQL statements when the SQL Server login, user, role, or password has the following characteristics:

• Contains or starts with a space character.

• Starts with the $ or @ character.

The MSDN documentation on password policy explicitly confirms the following characters are allowed: ! $ # %

And, as you'd already know, the same documentation strongly encourages that you use passwords which are "as long and complex as possible."

Solution 3

In my experience, it's the backslash \ and the single quote ' that you'll want to avoid in a MySQL password. From my tests, the following special characters appear to be fine to use:

!@#$%^&*:./?=+-_[]{}()<>

Also, 32-character passwords seem to be okay to use, too.

Author by

asteroid

Updated on June 27, 2022