Previous
Previous
 
Next
Next


STRONG_PASSWORD_CHECK Procedure

This procedure returns Boolean OUT values based on whether or not a proposed password meets the password strength requirements as defined by the Oracle Application Express site administrator.

Syntax

APEX_UTIL.STRONG_PASSWORD_CHECK(
    p_username                    IN  VARCHAR2,
    p_password                    IN  VARCHAR2,
    p_old_password                IN  VARCHAR2,
    p_workspace_name              IN  VARCHAR2,
    p_use_strong_rules            IN  BOOLEAN,
    p_min_length_err              OUT BOOLEAN,
    p_new_differs_by_err          OUT BOOLEAN,
    p_one_alpha_err               OUT BOOLEAN,
    p_one_numeric_err             OUT BOOLEAN,
    p_one_punctuation_err         OUT BOOLEAN,
    p_one_upper_err               OUT BOOLEAN,
    p_one_lower_err               OUT BOOLEAN,
    p_not_like_username_err       OUT BOOLEAN,
    p_not_like_workspace_name_err OUT BOOLEAN,
    p_not_like_words_err          OUT BOOLEAN,
    p_not_reusable_err            OUT BOOLEAN);

Parameters

Table: STRONG_PASSWORD_CHECK Parameters describes the parameters available in the STRONG_PASSWORD_CHECK procedure.

STRONG_PASSWORD_CHECK Parameters

Parameter Description

p_username

Username that identifies the account in the current workspace

p_password

Password to be checked against password strength rules

p_old_password

Current password for the account. Used only to enforce "new password must differ from old" rule

p_workspace_name

Current workspace name, used only to enforce "password must not contain workspace name" rule

p_use_strong_rules

Pass FALSE when calling this API

p_min_length_err

Result returns True or False depending upon whether the password meets minimum length requirement

p_new_differs_by_err

Result returns True or False depending upon whether the password meets "new password must differ from old" requirements

p_one_alpha_err

Result returns True or False depending upon whether the password meets requirement to contain at least one alphabetic character

p_one_numeric_err

Result returns True or False depending upon whether the password meets requirements to contain at least one numeric character

p_one_punctuation_err

Result returns True or False depending upon whether the password meets requirements to contain at least one punctuation character

p_one_upper_err

Result returns True or False depending upon whether the password meets requirements to contain at least one upper-case character

p_one_lower_err

Result returns True or False depending upon whether the password meets requirements to contain at least one lower-case character

p_not_like_username_err

Result returns True or False depending upon whether the password meets requirements that it not contain the username

p_not_like_workspace_name_err

Result returns True or False whether upon whether the password meets requirements that it not contain the workspace name

p_not_like_words_err

Result returns True or False whether the password meets requirements that it not contain specified simple words

p_not_reusable_err

Result returns True or False whether the password can be reused based on password history rules


Example

The following example shows how to use the STRONG_PASSWORD_CHECK procedure. It checks the new password 'foo' for the user 'SOMEBODY' meets all the password strength requirements defined by the Oracle Application Express site administrator. If any of the checks fail (the associated OUT parameter returns TRUE), then the example outputs a relevant message. For example, if the Oracle Application Express site administrator has defined that passwords must have at least one numeric character and the password 'foo' was checked, then the p_one_numeric_err OUT parameter would return TRUE and the message 'Password must contain at least one numeric character' would be output.

DECLARE
    l_username                    varchar2(30);
    l_password                    varchar2(30);
    l_old_password                varchar2(30);
    l_workspace_name              varchar2(30);
    l_min_length_err              boolean;
    l_new_differs_by_err          boolean;
    l_one_alpha_err               boolean;
    l_one_numeric_err             boolean;
    l_one_punctuation_err         boolean;
    l_one_upper_err               boolean;
    l_one_lower_err               boolean;
    l_not_like_username_err       boolean;
    l_not_like_workspace_name_err boolean;
    l_not_like_words_err          boolean;
    l_not_reusable_err            boolean;
    l_password_history_days       pls_integer;
BEGIN
    l_username := 'SOMEBODY';
    l_password := 'foo';
    l_old_password := 'foo';
    l_workspace_name := 'XYX_WS';
    l_password_history_days := 
        apex_instance_admin.get_parameter ('PASSWORD_HISTORY_DAYS');
 
    APEX_UTIL.STRONG_PASSWORD_CHECK(
        p_username                    => l_username,
        p_password                    => l_password,
        p_old_password                => l_old_password,
        p_workspace_name              => l_workspace_name,
        p_use_strong_rules            => false,
        p_min_length_err              => l_min_length_err,
        p_new_differs_by_err          => l_new_differs_by_err,
        p_one_alpha_err               => l_one_alpha_err,
        p_one_numeric_err             => l_one_numeric_err,
        p_one_punctuation_err         => l_one_punctuation_err,
        p_one_upper_err               => l_one_upper_err,
        p_one_lower_err               => l_one_lower_err,
        p_not_like_username_err       => l_not_like_username_err,
        p_not_like_workspace_name_err => l_not_like_workspace_name_err,
        p_not_like_words_err          => l_not_like_words_err,
        p_not_reusable_err            => l_not_reusable_err);

    IF l_min_length_err THEN
        htp.p('Password is too short');
    END IF;
 
    IF l_new_differs_by_err THEN
        htp.p('Password is too similar to the old password');
    END IF;
 
    IF l_one_alpha_err THEN
        htp.p('Password must contain at least one alphabetic character');
    END IF;
 
    IF l_one_numeric_err THEN
        htp.p('Password  must contain at least one numeric character');
    END IF;
 
    IF l_one_punctuation_err THEN
        htp.p('Password  must contain at least one punctuation character');
    END IF;
 
    IF l_one_upper_err THEN
        htp.p('Password must contain at least one upper-case character');
    END IF;
 
    IF l_one_lower_err THEN
        htp.p('Password must contain at least one lower-case character');
    END IF;
 
    IF l_not_like_username_err THEN
        htp.p('Password may not contain the username');
    END IF;
 
    IF l_not_like_workspace_name_err THEN
        htp.p('Password may not contain the workspace name');
    END IF;
 
    IF l_not_like_words_err THEN
        htp.p('Password contains one or more prohibited common words');
    END IF;

    IF l_not_reusable_err THEN
        htp.p('Password cannot be used because it has been used for the account within the last '||l_password_history_days||' days.');
    END IF;
END;