59.147 STRONG_PASSWORD_CHECK Procedure
This procedure returns Boolean OUT values based on whether a proposed password meets the password strength requirements as defined by the Oracle APEX site administrator.
Syntax
APEX_UTIL.STRONG_PASSWORD_CHECK (
p_username IN VARCHAR2,
p_password IN VARCHAR2,
p_old_password IN VARCHAR2,
p_workspace_name IN VARCHAR2,
p_use_strong_rules IN BOOLEAN,
p_min_length_err OUT BOOLEAN,
p_new_differs_by_err OUT BOOLEAN,
p_one_alpha_err OUT BOOLEAN,
p_one_numeric_err OUT BOOLEAN,
p_one_punctuation_err OUT BOOLEAN,
p_one_upper_err OUT BOOLEAN,
p_one_lower_err OUT BOOLEAN,
p_not_like_username_err OUT BOOLEAN,
p_not_like_workspace_name_err OUT BOOLEAN,
p_not_like_words_err OUT BOOLEAN,
p_not_reusable_err OUT BOOLEAN );Parameters
| Parameter | Description |
|---|---|
p_username |
Username that identifies the account in the current workspace. |
p_password |
Password to be checked against password strength rules. |
p_old_password |
Current password for the account. Used only to enforce "new password must differ from old" rule. |
p_workspace_name |
Current workspace name, used only to enforce "password must not contain workspace name" rule. |
p_use_strong_rules |
Pass FALSE when calling this API.
|
p_min_length_err |
Result returns TRUE or FALSE depending upon whether the password meets minimum length requirement.
|
p_new_differs_by_err
|
Result returns TRUE or FALSE depending upon whether the password meets "new password must differ from old" requirements.
|
p_one_alpha_err |
Result returns TRUE or FALSE depending upon whether the password meets requirement to contain at least one alphabetic character.
|
p_one_numeric_err |
Result returns TRUE or FALSE depending upon whether the password meets requirements to contain at least one numeric character.
|
p_one_punctuation_err |
Result returns TRUE or FALSE depending upon whether the password meets requirements to contain at least one punctuation character.
|
p_one_upper_err |
Result returns TRUE or FALSE depending upon whether the password meets requirements to contain at least one upper-case character.
|
p_one_lower_err |
Result returns TRUE or FALSE depending upon whether the password meets requirements to contain at least one lower-case character.
|
p_not_like_username_err |
Result returns TRUE or FALSE depending upon whether the password meets requirements that it must not contain the username.
|
p_not_like_workspace_name_err
|
Result returns TRUE or FALSE depending upon whether the password meets requirements that it must not contain the workspace name.
|
p_not_like_words_err |
Result returns TRUE or FALSE whether the password meets requirements that it must not contain specified simple words.
|
p_not_reusable_err |
Result returns TRUE or FALSE whether the password can be reused based on password history rules.
|
Example
The following example checks if the new password foo for the user SOMEBODY meets all the password strength requirements defined by the APEX site administrator. If any of the checks fail (the associated OUT parameter returns TRUE), then the example outputs a relevant message. For example, if the APEX site administrator defined that passwords must have at least one numeric character and the password foo is checked, then the p_one_numeric_err OUT parameter returns TRUE and the message "Password must contain at least one numeric character" displays.
DECLARE
l_username varchar2(30);
l_password varchar2(30);
l_old_password varchar2(30);
l_workspace_name varchar2(30);
l_min_length_err boolean;
l_new_differs_by_err boolean;
l_one_alpha_err boolean;
l_one_numeric_err boolean;
l_one_punctuation_err boolean;
l_one_upper_err boolean;
l_one_lower_err boolean;
l_not_like_username_err boolean;
l_not_like_workspace_name_err boolean;
l_not_like_words_err boolean;
l_not_reusable_err boolean;
l_password_history_days pls_integer;
BEGIN
l_username := 'SOMEBODY';
l_password := 'foo';
l_old_password := 'foo';
l_workspace_name := 'XYX_WS';
l_password_history_days :=
apex_instance_admin.get_parameter ('PASSWORD_HISTORY_DAYS');
APEX_UTIL.STRONG_PASSWORD_CHECK(
p_username => l_username,
p_password => l_password,
p_old_password => l_old_password,
p_workspace_name => l_workspace_name,
p_use_strong_rules => false,
p_min_length_err => l_min_length_err,
p_new_differs_by_err => l_new_differs_by_err,
p_one_alpha_err => l_one_alpha_err,
p_one_numeric_err => l_one_numeric_err,
p_one_punctuation_err => l_one_punctuation_err,
p_one_upper_err => l_one_upper_err,
p_one_lower_err => l_one_lower_err,
p_not_like_username_err => l_not_like_username_err,
p_not_like_workspace_name_err => l_not_like_workspace_name_err,
p_not_like_words_err => l_not_like_words_err,
p_not_reusable_err => l_not_reusable_err);
IF l_min_length_err THEN
htp.p('Password is too short');
END IF;
IF l_new_differs_by_err THEN
htp.p('Password is too similar to the old password');
END IF;
IF l_one_alpha_err THEN
htp.p('Password must contain at least one alphabetic character');
END IF;
IF l_one_numeric_err THEN
htp.p('Password must contain at least one numeric character');
END IF;
IF l_one_punctuation_err THEN
htp.p('Password must contain at least one punctuation character');
END IF;
IF l_one_upper_err THEN
htp.p('Password must contain at least one upper-case character');
END IF;
IF l_one_lower_err THEN
htp.p('Password must contain at least one lower-case character');
END IF;
IF l_not_like_username_err THEN
htp.p('Password may not contain the username');
END IF;
IF l_not_like_workspace_name_err THEN
htp.p('Password may not contain the workspace name');
END IF;
IF l_not_like_words_err THEN
htp.p('Password contains one or more prohibited common words');
END IF;
IF l_not_reusable_err THEN
htp.p('Password cannot be used because it has been used for the
account within the last '||l_password_history_days||' days.');
END IF;
END;Parent topic: APEX_UTIL