Solved [ALL TD VERSIONS] TD-22832: SqlConnect & mixed case password issue

Report bugs and possible workarounds.
Dave Rabelink
Founder/Site Admin
Founder/Site Admin
Netherlands
Posts: 1088
Joined: 24 Feb 2017, 09:12
Location: Gouda, The Netherlands

[ALL TD VERSIONS] TD-22832: SqlConnect & mixed case password issue

Post by Dave Rabelink » 03 Apr 2018, 07:27

This is a strange issue we have accidentally discovered.
Seems to be in all TD versions, including 'newer' UNICODE and old ANSI versions.

Situation:
- Using Oracle
- Do a SqlConnect with database/user/password as variables.
The connection settings are correct so a connect is OK
- Next do a SqlConnect (second connection) using the same user but using a different password. The password MUST be the same, except the case of the characters. For instance

Connection 1 : TESTUSER TESTPASSWORD
Connection 2 : TESTUSER testpassword

The first connection 1 is OK (the user really has the uppercase password configured on the database)

But strangely, the second SqlConnect is also OK. The function actually returns TRUE and gives a new SqlHandle.
But in fact this is not OK as the user does not have a lowercase password.

Only when passing a completely different password in the second call, the connection fails. But when using any combination of cases for the password in the second call, the connection is OK.

So, on first connect password is TESTPASSWORD
Then on second connect use any of these passwords:

TestPassword
TESTpassword
testPASSword

etc

Use sample:

ConnectWithCasedPassword.zip

Press connect. It will first connect using the supplied settings (they must be OK).
When connected, a msgbox is shown indicating the result.
Then it will connect using another case of the password.
It will connect also.

Only when disconnecting the first connection, the second connect will fail.

The sample is in TD15.

I also saw in TD 1.5 the same issue, but not persistant. I have to redo the test and place breakpoints on the connect and remove them and soddenly even TD 1.5 will show the issue. Seems something is cached and not cleared correctly.

In TD 6.x I tested, the testcase always connects the second time.
You do not have the required permissions to view the files attached to this post.
Regards,
Dave Rabelink

Image
Articles and information on Team Developer Tips & Tricks Wiki
Download samples, documents and resources from TD Sample Vault
Videos on TDWiki YouTube Channel

Harald
Germany
Posts: 13
Joined: 30 Mar 2017, 06:16
Location: Oberhaching/Munich, Germany

[ALL TD VERSIONS] TD-22832: SqlConnect & mixed case password issue

Post by Harald » 03 Apr 2018, 08:48

Hello Dave,

which version of Oracle do you use? The password is only in the newest version (12c) case sensitive.

Kind regards
Harald

Dave Rabelink
Founder/Site Admin
Founder/Site Admin
Netherlands
Posts: 1088
Joined: 24 Feb 2017, 09:12
Location: Gouda, The Netherlands

[ALL TD VERSIONS] TD-22832: SqlConnect & mixed case password issue

Post by Dave Rabelink » 03 Apr 2018, 09:31

Harald wrote:
03 Apr 2018, 08:48
which version of Oracle do you use? The password is only in the newest version (12c) case sensitive.
I will check this when I'm back in the office. But even then, it would not explain why the first connect would fail with the differently cased password on the first connect.
When disconnecting the first connected cursor and trying to connect a second time using the "wrong" password, it actually fails.
So passwords are correctly checked on the first connect, but not checked at all when keeping the first connection open and trying to connect another one.

But I will retest the sample and check what settings are present on the Oracle database and play with that to see if that changes the outcome.
Regards,
Dave Rabelink

Image
Articles and information on Team Developer Tips & Tricks Wiki
Download samples, documents and resources from TD Sample Vault
Videos on TDWiki YouTube Channel

Dave Rabelink
Founder/Site Admin
Founder/Site Admin
Netherlands
Posts: 1088
Joined: 24 Feb 2017, 09:12
Location: Gouda, The Netherlands

[ALL TD VERSIONS] TD-22832: SqlConnect & mixed case password issue

Post by Dave Rabelink » 23 Apr 2018, 11:54

Looking at the database parameter setting:

Code: Select all

show parameter sec_case_sensitive_logon;

NAME                     TYPE    VALUE 
------------------------ ------- ----- 
sec_case_sensitive_logon boolean TRUE 
So, database has case sensitive passwords enabled.
The testcase fails on this database. So it is a TD defect.
Regards,
Dave Rabelink

Image
Articles and information on Team Developer Tips & Tricks Wiki
Download samples, documents and resources from TD Sample Vault
Videos on TDWiki YouTube Channel

Dave Rabelink
Founder/Site Admin
Founder/Site Admin
Netherlands
Posts: 1088
Joined: 24 Feb 2017, 09:12
Location: Gouda, The Netherlands

[ALL TD VERSIONS] TD-22832: SqlConnect & mixed case password issue

Post by Dave Rabelink » 18 Jun 2018, 07:04

This defect is solved in TD 7.1
Regards,
Dave Rabelink

Image
Articles and information on Team Developer Tips & Tricks Wiki
Download samples, documents and resources from TD Sample Vault
Videos on TDWiki YouTube Channel

Return to “Bug Reports”

Who is online

Users browsing this forum: [Ccbot] and 0 guests