Jeff -
It isn't that bad if you already have your users in a table, and
authenticate them against that. For several reasons, I had to switch my
apps to authenticate locally instead of against AD (via LDAPS). So I
modified a user table to include a password field, encrypted of course. If
the user forgets their password, or it expires, whatever, then they can
simply click a link to go to a password change app. They enter their AD
"login" (and I add the rest, including the @ sign), to send them a random 4
character code. Once they get that (in a few seconds), they enter the code
and they are then allowed to change their password.
It works pretty well so far, after a few months. The emails will only go to
the user requesting the password change, so they can't request a change for
another user. I use encryption so nobody can see the password, though I
suppose there are some routines to crack the default routine used by
dbms_crypto_hash. It at least got me and my apps away from any 'security
challenges' of authenticating against AD once we migrate to the Amazon
cloud.
I'm sure there also easier ways, but without knowing what you are currently
doing, it's hard to tell.
Bill Ferguson
On Mon, Jul 15, 2019 at 5:21 PM Jeff Chirco <backseatdba@xxxxxxxxx> wrote:
I would like to create an APEX Application that would allow a user to
reset their own password but I can't figure out how to authenticate the
user first. This scenario assumes that the user currently knows their
password. I want the user to enter their current password and and their
new one the submit which will then validate current password and change
it. Any way to accomplish this in APEX?
Thanks for any suggestions.
