When using OE RDBMS, OE Data Server for Oracle and OE Client Networking (with data server broker) -- our progress application cannot handle the full stack of error messages coming back from Oracle. It would seem that since v10, only the top level error can be passed to the client application. (this worked as expected through v9.x).

This is pretty useless now. When a user logs into the application with bad username/password, locked account, expired password, etc. or changes their password (e.g. if the pw was expired), instead of getting meaningful messages back from Oracle (password too short...too long...too simple... same as username...does not meet complexity requirement...etc)...all we get is Oracle error -1012... Not Logged on.

The full stack of errors are being written to the dataserv.lg.

It is unreasonable to have an application with lots of users, to have to refer every single pass-through error to result in a ticket to the application support team. Meaningful message handling is essential to a business application.

Allegedly, this functionality was removed on the request of a previous customer enhancement."The generic messages posted back to the client was implemented as part of previous customer-requested enhancements (quite old now), where it was not desirable to pass the exact error (and therefore reason for the failure) to the user for reasons of security. The system administrator would reference the log to determine the error and remedy it."

Sadly, I think that change was a step backward not forward. Telling someone why they cannot connect is not a security issue. It is a security REQUIREMENT.

We would very much like to see the behaviour changed (reinstated) so that all login errors are returned to the clients and not just posted to the dataserv.lg.

Thanks!

JT