
Why is a SQL connection working for a deactivated user with expired password

Former Member
0 Kudos

On our HANA instance we saved the logon data in a SQL connection for an active user. In the meantime this user has been deactivated automatically, because the user's password has expired. Therefore this user can no longer log on in HANA studio or in the web editor, and no other SQL connection can be created with this user as logon user.

This surely makes sense. But is it really intended that the already saved SQL connection still works although the user has been deactivated? Additionally: the password has expired, but the system does not force a password change.

Thanks for every comment giving more background.

Peter

Accepted Solutions (0)

Answers (1)


lbreddemann
Active Contributor
0 Kudos

Alright,

so you want to kick out existing sessions when somebody tries to log on with the wrong password too often? That's the sure way to denial of service attacks.

Also, the running session clearly used a valid logon, so the now expired password mustn't affect the running session.

It's very much like a key card - you can expire the key card but you will have to call security separately to get the now unwanted golf club member off the green...

Concerning the password change: what system are you exactly referring to?

SAP HANA provides the information that the password has expired to the client application.

What the client application does with this information is another story.

When you try to log on anew in SAP HANA studio it will ask for a new set of credentials in case the old ones are invalid. For that there mustn't be any open connections with the same logon left in SAP HANA studio.

- Lars

Former Member
0 Kudos

Hi Lars,

First, thanks for the fast response.

I understand that an open connection will not be cancelled in case the user gets deactivated or the password has expired. But my situation is different. I am running an XSUnit test, which opens a new connection every time, and this connection is opened even though the logon user of the SQL connection is deactivated. Also, after restarting my HANA instance the SQL connection is still working.

To use your words: The club member is deactivated, but can still play golf as long as the member is on the green. After leaving the club, I would expect that the member's key card will refuse the entry to the green, but the member can still play on the green.

Thanks

Peter

lbreddemann
Active Contributor
0 Kudos

Hmm.. are you sure about getting an actual new connection or could this be the effect of a connection pool where you get served the same connection back again?

If this is not the case, then I'd consider this to be a bug and would recommend opening a support incident.

- Lars

Former Member
0 Kudos

Hi Lars,

I am not sure how persistent connection pools are. I would expect that by restarting the HANA instance the connections will get lost, correct? In case I am wrong, do you know how to close my connection?

Do you have a suggestion as to which component should be used for the incident?

Thanks

Peter

lbreddemann
Active Contributor
0 Kudos

Hmm... I would've assumed the same.

I'd try and go with HAN-DB-SEC first and probably look into

a) is there an actual reconnect happening?

b) is access granted while the account is locked?

and go from there.

- Lars
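
The two checks Lars lists, (a) and (b), written as queries. This is an added example, not part of the original thread: it assumes the standard `SYS.USERS` and `SYS.M_CONNECTIONS` views, read access to them, and uses `TEST_USER` as a placeholder for the logon user stored in the SQL connection.

```sql
-- Added example. TEST_USER is a placeholder, not a value from the thread.

-- (b) Account state as the database sees it.
--     A LAST_SUCCESSFUL_CONNECT later than DEACTIVATION_TIME means a logon
--     was accepted while the account was already deactivated.
SELECT USER_NAME,
       USER_DEACTIVATED,
       DEACTIVATION_TIME,
       PASSWORD_CHANGE_NEEDED,
       LAST_PASSWORD_CHANGE_TIME,
       LAST_SUCCESSFUL_CONNECT,
       INVALID_CONNECT_ATTEMPTS
FROM   SYS.USERS
WHERE  USER_NAME = 'TEST_USER';

-- (a) Connections held by that user, compared against the deactivation time.
--     A pooled connection keeps its CONNECTION_ID and an old START_TIME
--     across test runs; a real reconnect shows a new CONNECTION_ID with a
--     START_TIME after the test was started.
SELECT c.CONNECTION_ID,
       c.CONNECTION_STATUS,
       c.START_TIME,
       c.CLIENT_HOST,
       u.DEACTIVATION_TIME,
       CASE
         WHEN u.USER_DEACTIVATED = 'TRUE'
              AND c.START_TIME > u.DEACTIVATION_TIME
           THEN 'OPENED AFTER DEACTIVATION'
         WHEN u.USER_DEACTIVATED = 'TRUE'
           THEN 'OPENED BEFORE DEACTIVATION (STILL OPEN OR POOLED)'
         ELSE 'USER IS ACTIVE'
       END AS FINDING
FROM   SYS.M_CONNECTIONS c
JOIN   SYS.USERS u
  ON   u.USER_NAME = c.USER_NAME
WHERE  c.USER_NAME = 'TEST_USER'
ORDER  BY c.START_TIME DESC;
```

Run both queries once before and once after a test run. Rows marked `OPENED AFTER DEACTIVATION` are the evidence to attach to the support incident; if only the second finding appears, the test was served an existing connection.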