Re: APEX App to reset own password

From: Jeff Eberhard <jeff.eberhard_at_gmail.com>
Date: Tue, 16 Jul 2019 17:32:39 -0600
Message-ID: <CANeW-=bEp20o8dDFR=LVK22x24Npzgoa+wPTqqQBMz4go137Qg_at_mail.gmail.com>

There is a built-in authentication type called "Database Accounts" that you can set your application to. This will make it so the user will use their Oracle credentials to log into the application. From there you can build the page to request the new password with a page process to perform the change.

--Jeff

On Tue, Jul 16, 2019 at 11:10 AM Jeff Chirco <backseatdba_at_gmail.com> wrote:

> Shoot sorry I just realized I forgot to include some crucial information.
> I am asking about Oracle DB account. I would like to verify their database
> password before it gets changed.
> Running APEX 19.1
>
> On Tue, Jul 16, 2019 at 5:19 AM Bill Ferguson <wbfergus_at_gmail.com> wrote:
>
>> Jeff -
>>
>> It isn't that bad if you already have your users in a table, and
>> authenticate them against that. For several reasons, I had to switch my
>> apps to authenticate locally instead of against AD (via LDAPS). So I
>> modified a user table to include a password field, encrypted of course. If
>> the user forgets their password, or it expires, whatever, then they can
>> simply click a link to go to a password change app. They enter their AD
>> "login" (and I add the rest, including the _at_ sign), to send them a random 4
>> character code. Once they get that (in a few seconds), they enter the code
>> and they are then allowed to change their password.
>>
>> It works pretty well so far, after a few months. The emails will only go
>> to the user requesting the password change, so they can't request a change
>> for another user. I use encryption so nobody can see the password, though I
>> suppose there are some routines to crack the default routine used by
>> dbms_crypto_hash. It at least got me and my apps away from any 'security
>> challenges' of authenticating against AD once we migrate to the Amazon
>> cloud.
>>
>> I'm sure there also easier ways, but without knowing what you are
>> currently doing, it's hard to tell.
>> Bill Ferguson
>>
>> On Mon, Jul 15, 2019 at 5:21 PM Jeff Chirco <backseatdba_at_gmail.com>
>> wrote:
>>
>>> I would like to create an APEX Application that would allow a user to
>>> reset their own password but I can't figure out how to authenticate the
>>> user first. This scenario assumes that the user currently knows their
>>> password. I want the user to enter their current password and and their
>>> new one the submit which will then validate current password and change
>>> it. Any way to accomplish this in APEX?
>>>
>>> Thanks for any suggestions.
>>>
>>
>>
>> --
>> -- Bill Ferguson
>>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Jul 17 2019 - 01:32:39 CEST

This message: [ Message body ]
Next message: Leng: "Re: duplicate for standby incarnation problem"
Previous message: Nassyam Basha: "Re: duplicate for standby incarnation problem"
In reply to: Jeff Chirco: "Re: APEX App to reset own password"
In reply to Jeff Chirco: "Re: APEX App to reset own password"
Next in thread: Jeff Chirco: "Re: APEX App to reset own password"
Reply: Jeff Chirco: "Re: APEX App to reset own password"
Reply: Mladen Gogala: "Re: APEX App to reset own password"
Reply: Mark W. Farnham: "RE: APEX App to reset own password"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message