Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Oracle 8 Expiring Passwords ?

Oracle 8 Expiring Passwords ?

From: <clarkallan_at_aol.com>
Date: Mon, 05 Jul 1999 23:52:19 GMT
Message-ID: <7lrgfg$v68$1@nnrp1.deja.com> 





Our auditor's say that our user's password must at least expire every 30
days and that the user must be prompted to change his/her password.



When user logs in to the application we want a screen to come up where
they can input userid, current password, new password and confirm/repeat
new password.  When the user's password is expired , he/she must also be
forced to change the password (i.e. a message must be displayed that
reads something like this:  'Your password has expired, please enter a
new password').



The user must actually be able to change his/her password at any time
that he/she wants within this 30 day period as well.




Our Oracle 8 application uses Oracle Forms 4.5 as interface.



The Oracle 8 "CREATE PROFILE" command seems to handle the expiration
aspect as it has a grace time feature, but  ...



 ... If password expiration is set, the password will expire and the
user will not be able to login to the application.  The password must
then be reset by the DBA. The user does not know when his password will
expire.



The user does not have the means to change his password. Thus, using the
create profile command will lock users out at expiration without giving
them the chance to change password.



Also, they don't have a facility to change paswords in the interim.



I wonder if the current form that is displayed for login (which is built
right into either Oracle forms or the database software - it was not
developed by us and it is the same form when logging into a database
through SQL) be a different version if the password has expired and
still within grace period so a new password can be entered ?   In other
words, does it have a enter new password field ?



If not, then the user  effectively would be locked out eventually if
there is no place to enter the new password.  A new form would need
built to accept the new password.



My colleague has done some testing - the log-in form that is displayed
when the password is set to expire is the same form that is normally
displayed.  My logic tells me that Oracle must look into this, because
it is the login form that is displayed with their applications
(SQL Plus, Reports Builder, etc.).  When a form is developed to use in
our application it will not solve the problem when you use SQL Plus,
etc.



My colleague has also contacted Oracle regarding this issue, but it does
not look if they have a solution.  It looks to me that this is an aspect
that they have not given much thought.



Any advice appreciated.




Sent via Deja.com http://www.deja.com/



Share what you know. Learn what you don't.
Received on Mon Jul 05 1999 - 18:52:19 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US