My Oracle Support Banner

ORDS Caches Old DB User Password While Using DB_Auth (Doc ID 2586405.1)

Last updated on SEPTEMBER 15, 2022

Applies to:

Oracle REST Data Services - Version 18.2 and later
Information in this document applies to any platform.


On : ORDS 18.2 version

Using DB Authorization for mod_plsql modules migrated to ORDS. If the user changes the database user password, ORDS will not recognize the new password until it is ORDS is bounced. 

Expected Behavior
ORDS should recognize the new password as soon as it is changed in the database.

The issue can be reproduced at will with the following steps:

1. Start ORDS standalone.
2. alter user <username> identified by <new_pwd>;
3. In a new browser enter URL to access your module i.e: https://<server>:<port>/ords/mapping/owner.procedure
    The user can login with password <new_pwd> for the user <username>.
4. Connect to the DB as a DBA and modify the password: 
    alter user <username> identified by <new_pwd2>;
5. Try again in a new browser run the URL: https://<server>:<port>/ords/mapping/owner.procedure
    The user cannot login with password <new_pwd2>. However, if they use <new_pwd>, the login is successful. 
6. Bounce standalone ORDS. The user can login with the password <new_pwd2>.

The issue has the following business impact:
Due to this issue, users cannot use the new password from ORDS URLs when the database password is changed. 


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.