ORDS Caches Old DB User Password While Using DB_Auth
(Doc ID 2586405.1)
Last updated on JUNE 01, 2020
Applies to:Oracle REST Data Services - Version 18.2 and later
Information in this document applies to any platform.
On : ORDS 18.2 version
Using DB Authorization for mod_plsql modules migrated to ORDS. If the user changes the database user password, ORDS will not recognize the new password until it is ORDS is bounced.
ORDS should recognize the new password as soon as it is changed in the database.
The issue can be reproduced at will with the following steps:
1. Start ORDS standalone.
2. alter user <username> identified by <new_pwd>;
3. In a new browser enter URL to access your module i.e: https://<server>:<port>/ords/mapping/owner.procedure
The user can login with password <new_pwd> for the user <username>.
4. Connect to the DB as a DBA and modify the password:
alter user <username> identified by <new_pwd2>;
5. Try again in a new browser run the URL: https://<server>:<port>/ords/mapping/owner.procedure
The user cannot login with password <new_pwd2>. However, if they use <new_pwd>, the login is successful.
6. Bounce standalone ORDS. The user can login with the password <new_pwd2>.
The issue has the following business impact:
Due to this issue, users cannot use the new password from ORDS URLs when the database password is changed.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document