Friday, February 20, 2009

Word of warning about and CP3

Hello everyone
I have been monitoring and taking part in a thread (click here for thread) on the OTN Discoverer Forum concerning an issue with 8-character passwords not always being accepted in Discoverer with CP3 installed.

Oracle Support have now confirmed that this is a bug and have posted it on MetaLink as bug number 8267360.

Basically - if you access the Discoverer login page for either Plus or Viewer with a URL parameter like &database=(TNS name) AND the user has exactly 8 characters in his / her password, then you will get an ORA-01017 logon denied, even though the password is correct.

These login bugs have been fixed with Cumulative Patch 4 (patch 7595032 on MetaLink)

If you are therefore on with any cumulative patch or on with CP1 or CP2 installed and you like to use the EUL switch in the launch URL you should install CP4, which was released on 28th April, 2009.

Jacob, I am indebted to you for bringing this to my attention.


U2Jacob said...

Hi Michael

You are very welcome. :) I just thought that this issue is so severe, that the entire Discoverer community needs to be aware of it - from my SR on Metalink, I already heard of several other Discoverer users being hit by this issue.

Personally, I can only imagine the mess it would have caused, if we had deployed this patch in production without testing it first. Most of our users have passwords with exactly 8 characters, so the issue was encountered pretty quickly in our test....

I can also confirm from my contact at Oracle Support, just as you, that the bug will be fixed in Cumulative Patch 4. This patch is currently scheduled for mid-March, in case you didn't know.

Thanks again,

U2Jacob said...

Hi Michael

Just so you know it - there is another login-related bug 8199931, introduced in CP3, which also will be fixed in CP4. It seems very similar to this bug.

Check the bug on Metalink - in any case, this is just another good reason to discard CP3 and wait for CP4.