Home » RDBMS Server » Security » Can I alter my own expired password from application level?
Can I alter my own expired password from application level? [message #182002] Wed, 12 July 2006 09:59 Go to next message
prabalacherjee
Messages: 4
Registered: January 2006
Location: Noida
Junior Member
I am working on an application with Oracle Forms 10g in front end. Now the requirement of the application
is whenever any user log in to the application, he/she should be prompted for the new password.
To achieve this I am forcing the password of all the users to be expired. But the other requirement is
not to use the Oracle default "Login" and "Change Password" screen. We have developed our customized Login and
Change password screen. Now the question is how can an user change his/her expired password from the customized
Change password screen as the user cannot login because their password has already expired.

So is there any way so that the user can change their expired password accounts from the application?

I do appreciate the help in trying to solve this.
Re: Can I alter my own expired password from application level? [message #182061 is a reply to message #182002] Wed, 12 July 2006 14:34 Go to previous messageGo to next message
nmacdannald
Messages: 460
Registered: July 2005
Location: Stockton, California - US...
Senior Member
If the password is expired but still on grace (not locked) you can still log in and do an 'alter user <username> identified by <new password>;'
Re: Can I alter my own expired password from application level? [message #182094 is a reply to message #182061] Thu, 13 July 2006 00:11 Go to previous messageGo to next message
prabalacherjee
Messages: 4
Registered: January 2006
Location: Noida
Junior Member
I am working on an application with Oracle Forms 10g in front end. Now the requirement of the application
is whenever any user log in to the application, he/she should be prompted for the new password.
To achieve this I am forcing the password of all the users to be expired and PASSWORD_GRACE_TIME is over. But the other
requirement is not to use the Oracle default "Login" and "Change Password" screen. We have developed our customized
Login and Change password screen. Now the question is how can an user change his/her expired password after PASSWORD_GRACE_TIME is over
from the customized Change password screen as the user cannot login because their password has already expired.

So is there any way so that the user can change their expired password accounts after PASSWORD_GRACE_TIME is over from the application?

I do appreciate the help in trying to solve this.
Re: Can I alter my own expired password from application level? [message #199115 is a reply to message #182094] Fri, 20 October 2006 04:50 Go to previous message
h_jitendras
Messages: 36
Registered: October 2006
Member
When a user's password is expired,capture that Oracle error i.e Exception (in the When-Then clause).
Grant them that user name and Password(may be the one which you are using/ADMIN etc.) as the one which has the necessary privilege to enable them to change their password by logging in the application.
you can try with the command
ALTER USER <username> PASSWORD EXPIRE
this will expire the password of the user and Oracle will give him an error with the message "Your password has expired".Capture this error and make his user id & password as the one which has the privilege to change password(beware,he might end up changing the password of the Id you supplied him with).Then straight away take him to the Password change page which will ultimately fire the query "ALTER USER <username> IDENTIFIED by <password>

Hope this helps you..

[Updated on: Fri, 20 October 2006 04:55]

Report message to a moderator

Previous Topic: database link
Next Topic: changing passwords
Goto Forum:
  


Current Time: Mon Dec 05 15:17:15 CST 2016

Total time taken to generate the page: 0.12084 seconds