• PDF / 209,308 Bytes
• 8 Pages / 504 x 720 pts Page_size
• 100 Downloads / 202 Views

DOWNLOAD

REPORT

Reset Password A user who wants to access this application can do so only with a valid ID and password. You created some user accounts in the previous chapter and assigned them IDs and groups. In this chapter, you will create a facility for setting and changing passwords. Note that this feature will be invoked from the Utilities menu. The Reset Password interface is self-explanatory. Administrators select a user ID and then provide and confirm a new password for it. The application then checks to make sure both of these are identical and, if so, allocates the password to the user ID. Users may also use the same method to reset an existing password. The initial password allocation task is performed by the application administrator.

9.1  Add Custom Functions The users you created in the previous chapter reside in the database table GL_USERS without passwords; therefore, none of them can access the application at the moment. You’ll create the password interface by adding a blank page to the application, but first you have to add two custom functions, CUSTOM_AUTH and CUSTOM_HASH, to your database. After receiving login information, the APEX engine evaluates and executes the authentication scheme that will be configured at the end of this chapter. The scheme makes a call to a function named CUSTOM_AUTH, which, in conjunction with the CUSTOM_ HASH function, authenticates users using the credentials stored in the GL_USERS table. The two functions are added to the database to implement a custom authentication mechanism. The CUSTOM_HASH function is a subordinate function to the CUSTOM_AUTH

© Riaz Ahmed 2019 R. Ahmed, Cloud Computing Using Oracle Application Express, https://doi.org/10.1007/978-1-4842-4243-8_9

77

Chapter 9

Reset Password

function and is called from the parent function to obfuscate passwords with hash algorithm. Execute the following steps to add these two functions to the database: 1. Open the SQL Commands interface from SQL Workshop. 2. Copy and paste the two functions available in the Chapter9\ Custom Functions.txt file and click the Run button to store them in the database. If you are using the online APEX version, then create the functions provided in the CustomFunctions.txt file, which uses the DBMS_OBFUSCATION_TOOLKIT package. For an offline APEX version, use the Custom_Functions_DBMS_CRYPTO. txt file. 3. For verification, open the Object Browser interface and locate the two functions in the Functions category, as shown Figure 9-1.

Figure 9-1.  Functions category Note that the DBMS_OBFUSCATION_TOOLKIT package has been deprecated in favor of DBMS_CRYPTO, which is now used to encrypt and decrypt data. It provides support for various industry-standard encryption and hashing algorithms, including the highly secure Advanced Encryption Standard (AES) encryption algorithm. AES has been approved as a new standard to replace the Data Encryption Standard (DES). Oracle Database installs the DBMS_CRYPTO package in the SYS schema. In order to use this package, users must be granted access to it, as shown h

Recommend Documents

A global reset of education

143 88 267KB

Distributed PCFG Password Cracking

167 98 48MB

Reset Control Systems

152 31 7MB

Leakage Resilient Password Systems

187 1 3MB

Password-authenticated searchable encryption

195 69 1012KB

Password-Based Protocols

150 35 4MB

Password-Based Authentication

192 24 7MB

Practical Threshold Password-Authenticated Secret Sharing Protocol

174 85 434KB

Revisiting Security Vulnerabilities in Commercial Password Managers

187 102 24MB

Fuzzy Asymmetric Password-Authenticated Key Exchange

174 39 24MB

ByPass: Reconsidering the Usability of Password Managers

169 60 34MB

Password Generators: Old Ideas and New

191 21 136KB