Re: APEX App to reset own password

From: Bill Ferguson <wbfergus_at_gmail.com>
Date: Tue, 16 Jul 2019 06:19:39 -0600
Message-ID: <CADEE6ZNdPiFWtV5W006dKuDnkKP8MMWx8YLAi3E6cX8gs5sh0A_at_mail.gmail.com>



Jeff -

It isn't that bad if you already have your users in a table, and authenticate them against that. For several reasons, I had to switch my apps to authenticate locally instead of against AD (via LDAPS). So I modified a user table to include a password field, encrypted of course. If the user forgets their password, or it expires, whatever, then they can simply click a link to go to a password change app. They enter their AD "login" (and I add the rest, including the _at_ sign), to send them a random 4 character code. Once they get that (in a few seconds), they enter the code and they are then allowed to change their password.

It works pretty well so far, after a few months. The emails will only go to the user requesting the password change, so they can't request a change for another user. I use encryption so nobody can see the password, though I suppose there are some routines to crack the default routine used by dbms_crypto_hash. It at least got me and my apps away from any 'security challenges' of authenticating against AD once we migrate to the Amazon cloud.

I'm sure there are also easier ways, but without knowing what you are currently doing, it's hard to tell.
Bill Ferguson

On Mon, Jul 15, 2019 at 5:21 PM Jeff Chirco <backseatdba_at_gmail.com> wrote:

> I would like to create an APEX Application that would allow a user to
> reset their own password but I can't figure out how to authenticate the
> user first. This scenario assumes that the user currently knows their
> password. I want the user to enter their current password and their
> new one then submit which will then validate current password and change
> it. Any way to accomplish this in APEX?
>
> Thanks for any suggestions.
>

-- 
-- Bill Ferguson

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Jul 16 2019 - 14:19:39 CEST
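
The change-password check asked about in the thread, for a locally stored user table like the one the reply describes, as an added PL/SQL example that is not code from either poster. The table `app_users`, the names `pw_digest` and `change_own_password`, the iteration count and the error number are assumptions made for illustration.

```sql
-- Hypothetical table for this example (not from the thread):
--   app_users(username VARCHAR2(128) PRIMARY KEY, salt RAW(16), pw_hash RAW(64))
-- Needs EXECUTE on DBMS_CRYPTO; HASH_SH512 requires Oracle 12c or later.
create or replace function pw_digest(p_password in varchar2, p_salt in raw)
  return raw
is
  l_hash raw(64);
begin
  -- Per-user salt plus iteration: equal passwords get different digests
  -- and every guess costs many hash calls. 10000 is an example value.
  l_hash := dbms_crypto.hash(
              utl_raw.concat(p_salt, utl_i18n.string_to_raw(p_password, 'AL32UTF8')),
              dbms_crypto.hash_sh512);
  for i in 2 .. 10000 loop
    l_hash := dbms_crypto.hash(utl_raw.concat(p_salt, l_hash), dbms_crypto.hash_sh512);
  end loop;
  return l_hash;
end pw_digest;
/

create or replace procedure change_own_password(
  p_username in varchar2,
  p_current  in varchar2,
  p_new      in varchar2)
is
  l_salt app_users.salt%type;
  l_hash app_users.pw_hash%type;
begin
  begin
    select salt, pw_hash into l_salt, l_hash
      from app_users
     where username = p_username
       for update;               -- lock the row until the caller commits
  exception
    when no_data_found then      -- same message as a wrong password
      raise_application_error(-20001, 'Invalid username or password');
  end;
  -- Recompute the digest of the supplied current password with the stored
  -- salt; utl_raw.compare returns 0 only when the two values are identical.
  if l_hash is null or utl_raw.compare(pw_digest(p_current, l_salt), l_hash) <> 0 then
    raise_application_error(-20001, 'Invalid username or password');
  end if;
  l_salt := dbms_crypto.randombytes(16);   -- fresh salt for the new password
  l_hash := pw_digest(p_new, l_salt);
  update app_users
     set salt = l_salt, pw_hash = l_hash
   where username = p_username;
end change_own_password;
/
```

An APEX page process can call the procedure with `:APP_USER` and the two password page items; the procedure does not commit, so the change is saved when the calling process commits.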
