ORDS Caches Old DB User Password While Using DB_Auth
(Doc ID 2586405.1)
Last updated on SEPTEMBER 15, 2022
Applies to:
Oracle REST Data Services - Version 18.2 and laterInformation in this document applies to any platform.
Symptoms
On : ORDS 18.2 version
Using DB Authorization for mod_plsql modules migrated to ORDS. If the user changes the database user password, ORDS will not recognize the new password until it is ORDS is bounced.
Expected Behavior
ORDS should recognize the new password as soon as it is changed in the database.
The issue can be reproduced at will with the following steps:
1. Start ORDS standalone.
2. alter user <username> identified by <new_pwd>;
3. In a new browser enter URL to access your module i.e: https://<server>:<port>/ords/mapping/owner.procedure
The user can login with password <new_pwd> for the user <username>.
4. Connect to the DB as a DBA and modify the password:
alter user <username> identified by <new_pwd2>;
5. Try again in a new browser run the URL: https://<server>:<port>/ords/mapping/owner.procedure
The user cannot login with password <new_pwd2>. However, if they use <new_pwd>, the login is successful.
6. Bounce standalone ORDS. The user can login with the password <new_pwd2>.
The issue has the following business impact:
Due to this issue, users cannot use the new password from ORDS URLs when the database password is changed.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |