mod_plsql: Why A DAD Set Up With A User Without RESTRICTED SESSION Privilege Is Able To Log Into The Database When The Database Is Running In RESTRICTED MODE (Doc ID 1618895.1)

Last updated on FEBRUARY 15, 2017

Applies to:

Oracle HTTP Server - Version 11.1.1.2.0 and later
Information in this document applies to any platform.

Symptoms

A mod_plsql application is able to access the database using the username and connect string specified in the DAD even when the database has been set to run in RESTRICTED MODE. When a database is set to operate in RESTRICTED MODE the expectation is just database users with the RESTRICTED SESSION privilege are able to log into the database. If the user specified in the DAD has not this privilege it should be unable to log in and return an ORA-1035 error instead.

When trying to access Database using a SQL tool like sqlplus or SQLDeveloper using the same DB user defined in the DAD the ORA-1035 is returned (as expected):

 

 

Changes

 No changes at the Database level.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms