There is a built-in authentication type called "Database Accounts" that you
can set your application to. This will make it so the user will use their
Oracle credentials to log into the application. From there you can build
the page to request the new password with a page process to perform the
change.
--Jeff
On Tue, Jul 16, 2019 at 11:10 AM Jeff Chirco <backseatdba@xxxxxxxxx> wrote:
Shoot sorry I just realized I forgot to include some crucial information.
I am asking about Oracle DB account. I would like to verify their database
password before it gets changed.
Running APEX 19.1
On Tue, Jul 16, 2019 at 5:19 AM Bill Ferguson <wbfergus@xxxxxxxxx> wrote:
Jeff -
It isn't that bad if you already have your users in a table, and
authenticate them against that. For several reasons, I had to switch my
apps to authenticate locally instead of against AD (via LDAPS). So I
modified a user table to include a password field, encrypted of course. If
the user forgets their password, or it expires, whatever, then they can
simply click a link to go to a password change app. They enter their AD
"login" (and I add the rest, including the @ sign), to send them a random 4
character code. Once they get that (in a few seconds), they enter the code
and they are then allowed to change their password.
It works pretty well so far, after a few months. The emails will only go
to the user requesting the password change, so they can't request a change
for another user. I use encryption so nobody can see the password, though I
suppose there are some routines to crack the default routine used by
dbms_crypto_hash. It at least got me and my apps away from any 'security
challenges' of authenticating against AD once we migrate to the Amazon
cloud.
I'm sure there also easier ways, but without knowing what you are
currently doing, it's hard to tell.
Bill Ferguson
On Mon, Jul 15, 2019 at 5:21 PM Jeff Chirco <backseatdba@xxxxxxxxx>
wrote:
I would like to create an APEX Application that would allow a user to
reset their own password but I can't figure out how to authenticate the
user first. This scenario assumes that the user currently knows their
password. I want the user to enter their current password and and their
new one the submit which will then validate current password and change
it. Any way to accomplish this in APEX?
Thanks for any suggestions.
--
-- Bill Ferguson
