Application uses Oracle Users for authentication i.e. connection strings have userid / password for each user being passed to the data layer for connection to the database.
From my application, I am using the oracle command
Code: Select all
ALTER USER xxx IDENTIFIED by yyy ....
However, from within my application, i find that i am still able to log in using the userid + old password combination (in addition to being able to use the userid + new password combination)
I have verified in my code and confirmed that connection is being passed the userid + old password combination as expected but instead of an exception on Connection.Open() as I would expect to see, the dotconnect for Oracle driver succeeds in opening the connection.
Could it be something to do with connection pooling? I added a "Validate Connection=true;" parameter to my connection string but that did not seem to make any difference either.
Does anyone have any ideas or suggestions of what could be causing this kind of behaviour? and or what I might be doing incorrectly here?