Re: APEX App to reset own password

From: Jeff Chirco <backseatdba_at_gmail.com>
Date: Tue, 16 Jul 2019 10:08:36 -0700
Message-ID: <CAKsxbLph7_rqb_49+DTkzL1u0wTCRXG1BW6yNFsM1MmXtQX4rQ_at_mail.gmail.com>

Shoot sorry I just realized I forgot to include some crucial information. I am asking about Oracle DB account. I would like to verify their database password before it gets changed.
Running APEX 19.1

On Tue, Jul 16, 2019 at 5:19 AM Bill Ferguson <wbfergus_at_gmail.com> wrote:

> Jeff -
>
> It isn't that bad if you already have your users in a table, and
> authenticate them against that. For several reasons, I had to switch my
> apps to authenticate locally instead of against AD (via LDAPS). So I
> modified a user table to include a password field, encrypted of course. If
> the user forgets their password, or it expires, whatever, then they can
> simply click a link to go to a password change app. They enter their AD
> "login" (and I add the rest, including the _at_ sign), to send them a random 4
> character code. Once they get that (in a few seconds), they enter the code
> and they are then allowed to change their password.
>
> It works pretty well so far, after a few months. The emails will only go
> to the user requesting the password change, so they can't request a change
> for another user. I use encryption so nobody can see the password, though I
> suppose there are some routines to crack the default routine used by
> dbms_crypto_hash. It at least got me and my apps away from any 'security
> challenges' of authenticating against AD once we migrate to the Amazon
> cloud.
>
> I'm sure there also easier ways, but without knowing what you are
> currently doing, it's hard to tell.
> Bill Ferguson
>
> On Mon, Jul 15, 2019 at 5:21 PM Jeff Chirco <backseatdba_at_gmail.com> wrote:
>
>> I would like to create an APEX Application that would allow a user to
>> reset their own password but I can't figure out how to authenticate the
>> user first. This scenario assumes that the user currently knows their
>> password. I want the user to enter their current password and and their
>> new one the submit which will then validate current password and change
>> it. Any way to accomplish this in APEX?
>>
>> Thanks for any suggestions.
>>
>
>
> --
> -- Bill Ferguson
>

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Jul 16 2019 - 19:08:36 CEST

This message: [ Message body ]
Next message: Howard Latham: "duplicate for standby incarnation problem"
In reply to Bill Ferguson: "Re: APEX App to reset own password"
Next in thread: Yong Huang: "Re: APEX App to reset own password"
Reply: Jeff Eberhard: "Re: APEX App to reset own password"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message