ID: 33365
User updated by: uherj at avx dot cz
Reported By: uherj at avx dot cz
-Status: Feedback
+Status: Open
Bug Type: OCI8 related
Operating System: *
PHP Version: 5.*, 4.* (2005-06-17)
New Comment:
-normal user CAN change password.
-user with expired password MUST change password (before issue queries,
drop tables/databases etc.). Standard db applications (PL/SQL developer,
toad..) allow to users change expired password. Why is it impossible
using PHP?
-changing passwords by administrator is used for forgotten passwords or
locked accounts.
-could you imagine an admistrator, what every second month change
expired password for hundred accounts? (dear Sorbanes-Oxley ).
If you think this is not useful in PHP, please close thise bug. This
all look as a discussion forum than the bug description.
Previous Comments:
------------------------------------------------------------------------
[2005-06-17 21:01:19] [EMAIL PROTECTED]
What is the difference between usual users and users with expired
passwords? If the password has expired, it should be changed by an
administrator. In the other case there is no sense in "expiring"
password, because the user will be able to login without any problems
(and issue queries, drop tables/databases etc.).
------------------------------------------------------------------------
[2005-06-17 15:18:33] uherj at avx dot cz
I need connect to change password (using OCIpasswordchange). User is
not locked or droped, it is still valid user. Creating new users with
expired password is one of standard security procedure.
Same situation hapens, when expired grace period - user MUST change
password before doing anything else. It ensure periodical change of
passwords.
------------------------------------------------------------------------
[2005-06-17 14:32:51] [EMAIL PROTECTED]
Full stop.
You're trying to connect with an *expired* login/password. Why do you
expect it to work?
Bug #31623 reports about quite different problem - the password it
still valid, but will expire in next N days, that's why it's allowed to
connect.
So I don't see any reason to call it "bug", because the reason why it
refuses to connect is perfectly valid to me.
------------------------------------------------------------------------
[2005-06-17 11:43:56] uherj at avx dot cz
I downloaded latest PHP5 and tried it under this one. This bug shows in
PHP5 too.
------------------------------------------------------------------------
[2005-06-17 11:03:21] [EMAIL PROTECTED]
You don't have to update PHP installed to try newer version.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/33365
--
Edit this bug report at http://bugs.php.net/?id=33365&edit=1
