Re: APEX App to reset own password

From: Jeff Chirco <backseatdba_at_gmail.com>
Date: Wed, 17 Jul 2019 11:18:30 -0700
Message-ID: <CAKsxbLoNDZZ0mb9sTR_B09fpQM43DBXNNamXy_trjPxV2HAbHA_at_mail.gmail.com>



Thanks we thought of doing it that way, having them log in first and then change the password. But since this will be a standalone application I was trying to see if there is a way to have a single page that will accept old and new password, validate old and then change it to new.

On Tue, Jul 16, 2019 at 4:32 PM Jeff Eberhard <jeff.eberhard_at_gmail.com> wrote:

> There is a built-in authentication type called "Database Accounts" that
> you can set your application to. This will make it so the user will use
> their Oracle credentials to log into the application. From there you can
> build the page to request the new password with a page process to perform
> the change.
>
> --Jeff
>
> On Tue, Jul 16, 2019 at 11:10 AM Jeff Chirco <backseatdba_at_gmail.com>
> wrote:
>
>> Shoot sorry I just realized I forgot to include some crucial
>> information. I am asking about Oracle DB account. I would like to verify
>> their database password before it gets changed.
>> Running APEX 19.1
>>
>> On Tue, Jul 16, 2019 at 5:19 AM Bill Ferguson <wbfergus_at_gmail.com> wrote:
>>
>>> Jeff -
>>>
>>> It isn't that bad if you already have your users in a table, and
>>> authenticate them against that. For several reasons, I had to switch my
>>> apps to authenticate locally instead of against AD (via LDAPS). So I
>>> modified a user table to include a password field, encrypted of course. If
>>> the user forgets their password, or it expires, whatever, then they can
>>> simply click a link to go to a password change app. They enter their AD
>>> "login" (and I add the rest, including the _at_ sign), to send them a random 4
>>> character code. Once they get that (in a few seconds), they enter the code
>>> and they are then allowed to change their password.
>>>
>>> It works pretty well so far, after a few months. The emails will only go
>>> to the user requesting the password change, so they can't request a change
>>> for another user. I use encryption so nobody can see the password, though I
>>> suppose there are some routines to crack the default routine used by
>>> dbms_crypto_hash. It at least got me and my apps away from any 'security
>>> challenges' of authenticating against AD once we migrate to the Amazon
>>> cloud.
>>>
>>> I'm sure there also easier ways, but without knowing what you are
>>> currently doing, it's hard to tell.
>>> Bill Ferguson
>>>
>>> On Mon, Jul 15, 2019 at 5:21 PM Jeff Chirco <backseatdba_at_gmail.com>
>>> wrote:
>>>
>>>> I would like to create an APEX Application that would allow a user to
>>>> reset their own password but I can't figure out how to authenticate the
>>>> user first. This scenario assumes that the user currently knows their
>>>> password. I want the user to enter their current password and and their
>>>> new one the submit which will then validate current password and change
>>>> it. Any way to accomplish this in APEX?
>>>>
>>>> Thanks for any suggestions.
>>>>
>>>
>>>
>>> --
>>> -- Bill Ferguson
>>>
>>

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Jul 17 2019 - 20:18:30 CEST

Original text of this message