This content has been marked as final. Show 4 replies
I think your solution would look something like this:
1. Add a public page to change the password.
2. Provide fields for current, new and verification password.
3. Have your own process that executes a statement like this:
alter user identified by :new replace :current
You'll need to run this with an execute immediate command. Because the alter is not PL/SQL
4. Add your own page validation to make sure the new and verification passwords are the same.
5. Have a link on your login page to this new public page.
I think this should work for you.
I think the major problem here is to create a function that validates if the value of
the current password field is the same as the current user expired password.
Do you have any suggestions to solve this?
Well... normally I would say that it doesn't matter because the database will tell you that. We don't need to know the password.
But I setup a little proof of concept to see how this would work and I see the issue.
APEX connects with a different user than the one you're trying to log in, so when you try to change someone else's password you get "ORA-01031: insufficient privileges".
I'm not sure if there's a way to have a privileged procedure that could issue the command. Such procedure could test that the provided user and password can connect before issuing the alter statement.
I'm not aware of a way to do this with standard APEX.
APEX4.2: There is a package and function in it: sys.wwv_flow_val.verify_user(username => l_username, password => l_old_password);
It can be run under APEX_040200 schema, so you can write your own procedure to for validating and changing passwords.