on 05-04-2015 11:44 AM
On our HANA instance we have saved the logon data at a sql connection for an active user. In the meantime this user has been deactivated automatically, because the password of this user has been expired. Therefore this user can no longer logon in HANA studio, in the web editor and no other sql connection can be created with this user as logon user.
This makes surely sense. But is it really wished that the already saved sql connection is still working though the user has been deactivated? Additionally: The password is expired but the system does not force changing the password.
Thanks for every comment giving more background
Peter
Alright,
so you want to kick out existing sessions when somebody tries to logon with the wrong password too often? That's the sure-way to denial of service attacks.
Also, the running session clearly used a valid logon, so the now expired password mustn't affect the running session.
It's very much like a key card - you can expire the key card but you will have to call security separately to get the now unwanted golf club member off the green...
Concerning the password change: what system are you exactly referring to?
SAP HANA provides the information that the password has been expired to the client application.
What the client application does with this information is another story.
When you try to logon newly in SAP HANA studio it will ask for a new set of credentials in case the old ones are invalid. For that there mustn't be any open connections with the same logon left in SAP HANA studio.
- Lars
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Lars,
First thanks for the fast response.
I understand that an open connection will not been cancelled in case the user gets deactivated or the password has been expired. But my situation is different. I am running a XSUnit test, which opens every time a new connection and this connection is opened though the logon user at the SQL connection is deactivated. Also after restarting my HANA instance the sql connection is still working.
To use your words: The club member is deactivated, but can still play golf so long the member is on the green. After leaving the club, I would expect that the members' key card will refuse the entry to the green, but the member can still play on the green.
Thanks
Peter
Hi Lars,
I am not sure how persistent connection pools are? I would expect that by restarting the HANA instance the connections will get lost, correct? In case I am wrong, do you know how to close my connection?
Do you have a suggestion, which component should be used for the incident?
Thanks
Peter
User | Count |
---|---|
80 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.