In an era where cyber threats loom large, ensuring the security of your applications is of utmost importance. Oracle Application Express (Apex) is a powerful tool that allows developers to build robust web applications. However, without proper security measures in place, these applications can become vulnerable to unauthorized access and data breaches.
One of the key elements of application security is password validation. By implementing effective password validation techniques, you can enhance the strength of your authentication system and mitigate the risk of unauthorized access. In this article, we will delve into the world of password validation in Oracle Apex, exploring its significance, implementation, and the benefits it brings to both security and user experience.
Password validation is an important issue in Oracle Apex applications. Password validation plays a large part in keeping applications and data secure.
In today's video/post, I will discuss password validation in detail.
I will show password validation in two ways:
1. Statically.
2. Dynamically.
We will use dynamic password validation so that the admin user of the application can set their own password validation policy.
Password validation can include any of the following validation rules:
Password must contain at least one uppercase letter from A-Z.
Password must contain at least one lowercase letter from a-z.
Password must contain at least one number from 0-9.
Password must contain a special character (@, $, !, &, etc.).
Password must be at least 8 characters long.
The most important thing is that the password field cannot be left empty.
Example: Abc#1234
Steps to use password validation in an Oracle Apex application
1. In the 1st step, we will show how to set password validation statically.
Password validation can be used when creating a new password or changing a password. You can set password validation wherever it is convenient. I will show validation on the new password item on the Change Password page in my application.
I will go directly to the Change My Password page to set password validation.
Create a validation by right-clicking the NEW_PASSWORD item.
Name - pass_validation
Type - Function Body (Returning Error Text)
PL/SQL Function Body Returning Error Text (paste the following code)
BEGIN
    -- LENGTH (NULL) is NULL in Oracle, so every test below would be skipped
    -- for an empty password; reject it explicitly first.
    IF :P14_NEW_PASSWORD IS NULL
    THEN
        RETURN 'Password cannot be empty';
    ELSIF LENGTH (:P14_NEW_PASSWORD) < 8
    THEN
        RETURN 'Password length must be at least 8 characters';
    ELSIF LENGTH (:P14_NEW_PASSWORD) > 20
    THEN
        RETURN 'Password length must not be more than 20 characters';
    ELSIF NOT REGEXP_LIKE (:P14_NEW_PASSWORD, '^.*[A-Z]', 'c')
    THEN
        RETURN 'Upper Case characters Not Found';
    ELSIF NOT REGEXP_LIKE (:P14_NEW_PASSWORD, '^.*[a-z]', 'c')
    THEN
        RETURN 'Lower Case characters Not Found';
    ELSIF NOT REGEXP_LIKE (:P14_NEW_PASSWORD, '^.*[a-zA-Z]', 'c')
    THEN
        RETURN 'Alphabet characters Not Found';
    ELSIF NOT REGEXP_LIKE (:P14_NEW_PASSWORD, '^.*[0-9]', 'c')
    THEN
        RETURN 'Numeric characters Not Found';
    ELSIF NOT REGEXP_LIKE (:P14_NEW_PASSWORD, '^.*[!@#$%^&*()_]', 'c')
    THEN
        RETURN 'Special characters Not Found';
    END IF;

    -- No rule failed: returning NULL tells Apex the validation passed.
    RETURN NULL;
END;
Modify the PL/SQL script to suit your application; in particular, rename the item reference in the script to match the name of the item on your page.
Our 1st step is almost done. Is the static password validation we set up at this stage working correctly? I will check it.
Our 1st step, the use of static password validation, is complete.
2. In step 2, we will show how to use password validation dynamically.
To use dynamic password validation, we need to create a table and a procedure. I will create the table and the procedure step by step and try to give you all the scripts.
Create a table (you can also create the table using the script below)
CREATE TABLE "PASSWORD_POLICY"
(
    "OID"                     NUMBER,
    "PASS_MIN_LENGTH"         NUMBER,
    "PASS_MAX_LENGTH"         NUMBER,
    "ALPHABETIC_CHAR"         VARCHAR2 (1),
    "NUMERIC_CHAR"            VARCHAR2 (1),
    "PUNCTUATION_CHAR"        VARCHAR2 (1),
    "UPPER_CASE_CHAR"         VARCHAR2 (1),
    "LOWER_CASE_CHAR"         VARCHAR2 (1),
    "USER_NAME"               VARCHAR2 (1),
    "WORD_LIST"               VARCHAR2 (1024),
    "PUNCTUATION_CHAR_LIST"   VARCHAR2 (1024),
    -- Selected by the PASSWORD_VALIDATION procedure below; without this
    -- column the procedure does not compile.
    "PASSWORD_DIFF"           VARCHAR2 (1)
);
Create a form page
Name - Set Password Validation
Table - PASSWORD_POLICY
We will create a list of values for ease of work:
Go to Shared Components
Click Lists of Values
Click Create
Name - YES_OR_NO
Source - Static Values
Display - Yes, No
Return - Y, N
I will arrange all the items of the form in my own way.
Here we will create only one row; later, admin users will only update their policies.
I will create a process to insert the data.
Name - Insert Data
Since we will do all the work in one row, I will create a process in the Before Header to update the data of that row.
At this stage we will create a procedure to use password validation (paste the following code).
CREATE OR REPLACE PROCEDURE "PASSWORD_VALIDATION" (
    pPassword     IN     VARCHAR2,
    vUSERID       IN     VARCHAR2,
    vOutMessage      OUT VARCHAR2)
AS
    -- On return, vOutMessage is '1' when the password satisfies the policy;
    -- otherwise it holds the error text of the first rule that failed.
    vPASS_MIN_LENGTH    INTEGER;
    vPASS_MAX_LENGTH    INTEGER;
    vALPHABETIC_CHAR    VARCHAR2 (2);
    vNUMERIC_CHAR       VARCHAR2 (2);
    vUPPER_CASE_CHAR    VARCHAR2 (2);
    vLOWER_CASE_CHAR    VARCHAR2 (2);
    vPUNCTUATION_CHAR   VARCHAR2 (2);
    vPASSWORD_DIFF      VARCHAR2 (2);
    pPassword_old       VARCHAR2 (4000);
    pPassword_old_1     VARCHAR2 (4000);
BEGIN
    -- The policy table holds a single row maintained by the admin user.
    SELECT PASS_MIN_LENGTH,
           PASS_MAX_LENGTH,
           ALPHABETIC_CHAR,
           NUMERIC_CHAR,
           UPPER_CASE_CHAR,
           LOWER_CASE_CHAR,
           PUNCTUATION_CHAR,
           PASSWORD_DIFF
      INTO vPASS_MIN_LENGTH,
           vPASS_MAX_LENGTH,
           vALPHABETIC_CHAR,
           vNUMERIC_CHAR,
           vUPPER_CASE_CHAR,
           vLOWER_CASE_CHAR,
           vPUNCTUATION_CHAR,
           vPASSWORD_DIFF
      FROM PASSWORD_POLICY;

    -- LENGTH (NULL) is NULL in Oracle, so the length tests below would not
    -- reject an empty password; reject it explicitly.
    IF pPassword IS NULL
    THEN
        vOutMessage := 'Password cannot be empty';
        RETURN;
    END IF;

    IF LENGTH (pPassword) < vPASS_MIN_LENGTH
    THEN
        vOutMessage :=
               'Password length must be at least '
            || vPASS_MIN_LENGTH
            || ' characters';
        RETURN;
    ELSE
        vOutMessage := '1';
    END IF;

    IF LENGTH (pPassword) > vPASS_MAX_LENGTH
    THEN
        vOutMessage :=
               'Password length must not be more than '
            || vPASS_MAX_LENGTH
            || ' characters';
        RETURN;
    END IF;

    -- Each character-class rule is applied only when the policy flag is 'Y'.
    IF vUPPER_CASE_CHAR = 'Y'
    THEN
        IF REGEXP_LIKE (pPassword, '^.*[A-Z]', 'c')
        THEN
            DBMS_OUTPUT.put_line ('Upper Case characters Found');
            vOutMessage := '1';
        ELSE
            DBMS_OUTPUT.put_line ('Upper Case characters Not Found');
            vOutMessage := 'Upper Case characters Not Found';
            RETURN;
        END IF;
    END IF;

    IF vLOWER_CASE_CHAR = 'Y'
    THEN
        IF REGEXP_LIKE (pPassword, '^.*[a-z]', 'c')
        THEN
            DBMS_OUTPUT.put_line ('Lower Case characters Found');
            vOutMessage := '1';
        ELSE
            DBMS_OUTPUT.put_line ('Lower Case characters Not Found');
            vOutMessage := 'Lower Case characters Not Found';
            RETURN;
        END IF;
    END IF;

    IF vALPHABETIC_CHAR = 'Y'
    THEN
        IF REGEXP_LIKE (pPassword, '^.*[a-zA-Z]', 'c')
        THEN
            DBMS_OUTPUT.put_line ('Alphabet characters Found');
            vOutMessage := '1';
        ELSE
            DBMS_OUTPUT.put_line ('Alphabet characters Not Found');
            vOutMessage := 'Alphabet characters Not Found';
            RETURN;
        END IF;
    END IF;

    IF vNUMERIC_CHAR = 'Y'
    THEN
        IF REGEXP_LIKE (pPassword, '^.*[0-9]', 'c')
        THEN
            DBMS_OUTPUT.put_line ('Numeric characters Found');
            vOutMessage := '1';
        ELSE
            DBMS_OUTPUT.put_line ('Numeric characters Not Found');
            vOutMessage := 'Numeric characters Not Found';
            RETURN;
        END IF;
    END IF;

    IF vPUNCTUATION_CHAR = 'Y'
    THEN
        IF REGEXP_LIKE (pPassword, '^.*[!@#$%^&*()_]', 'c')
        THEN
            DBMS_OUTPUT.put_line ('Special characters Found');
            vOutMessage := '1';
        ELSE
            DBMS_OUTPUT.put_line ('Special characters Not Found');
            vOutMessage := 'Special characters Not Found';
            RETURN;
        END IF;
    END IF;

    -- Reject a new password whose hash equals the stored one.
    -- MY_USERS.PIN and acl.CUSTOM_HASH belong to this application's own
    -- authentication scheme; replace them with your own user table and hash.
    IF vPASSWORD_DIFF = 'Y'
    THEN
        SELECT PIN
          INTO pPassword_old
          FROM MY_USERS
         WHERE UPPER (USERNAME) = UPPER (vUSERID);

        pPassword_old_1 := acl.CUSTOM_HASH (vUSERID, pPassword);

        IF pPassword_old_1 = pPassword_old
        THEN
            vOutMessage := 'Old Password and New Password Can Not be Same';
            RETURN;
        ELSE
            vOutMessage := '1';
        END IF;
    END IF;
END;
If the procedure has been created correctly, at this stage we will go back to the password change page.
Create a validation by right-clicking the NEW_PASSWORD item.
Name - DYNAMICALLY_PASS_VALIDATION
Type - Function Body (Returning Error Text)
PL/SQL Function Body Returning Error Text (paste the following code)
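DECLARE
    mess   VARCHAR2 (300);
BEGIN
    PASSWORD_VALIDATION (:P14_NEW_PASSWORD, acl.GET_CURRENT_USER, mess);

    -- '1' means every enabled rule passed; anything else is the error text.
    IF mess != '1'
    THEN
        RETURN mess;
    END IF;

    -- A function body must always return a value; NULL means the validation passed.
    RETURN NULL;
END;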
Our 2nd phase is almost done. At this stage we will check whether the dynamic password validation is set correctly or not.
Use Password Validation In Oracle Apex Application
When it comes to securing your Oracle Apex application, implementing strong password validation is paramount. By enforcing certain rules and constraints on the passwords chosen by users, you can significantly enhance the security posture of your application. Let's take a closer look at how you can utilize password validation in Oracle Apex effectively.
1. Understand the Password Requirements
Before implementing password validation in your Oracle Apex application, it is crucial to define the specific requirements for passwords. This includes determining the minimum and maximum length, the inclusion of alphanumeric characters, special characters, and any other constraints you deem necessary. By setting clear guidelines, you can ensure that users create passwords that meet your security standards.
2. Leverage Regular Expressions for Validation
Regular expressions provide a powerful toolset for validating passwords in Oracle Apex. By defining a pattern that passwords must adhere to, you can enforce specific criteria, such as the inclusion of uppercase and lowercase letters, numbers, and special characters. Regular expressions allow for flexibility in defining complex password rules, empowering you to create a robust validation mechanism.
3. Implement Password Complexity Checks
In addition to regular expressions, implementing password complexity checks can further strengthen your password validation process. By conducting checks on password strength, such as the presence of dictionary words, common patterns, or repeated characters, you can ensure that users choose strong and unique passwords. This additional layer of validation adds an extra barrier against potential security breaches.
4. Provide Clear Password Error Messages
When users fail to meet the password validation criteria, it is important to provide clear and user-friendly error messages. Instead of generic error messages, which can confuse users, offer specific guidance on how to rectify the issue. By providing informative feedback, you can help users understand the password requirements and successfully create a secure password.
5. Enable Password Expiry and Reset
To further enhance security, consider implementing password expiry and reset mechanisms in your Oracle Apex application. By periodically requiring users to change their passwords, you minimize the risk of unauthorized access due to compromised credentials. Additionally, providing users with a secure password reset process ensures they can regain access to their accounts if needed.
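The PASSWORD_POLICY table above defines USER_NAME, WORD_LIST and PUNCTUATION_CHAR_LIST, but the PASSWORD_VALIDATION procedure never reads them. The following is an added example, not the author's code, showing how those columns could drive the dictionary-word and user-name checks described in point 3. The function name and the meaning given to each column (Y/N flag, comma-separated words, literal character list) are assumptions.

```sql
-- Added example (not the author's code). Assumed column meanings:
--   USER_NAME = 'Y'         password must not contain the user name
--   WORD_LIST               comma-separated banned words
--   PUNCTUATION_CHAR_LIST   literal characters accepted as "special"
CREATE OR REPLACE FUNCTION password_policy_extra (  -- hypothetical name
    p_password   IN VARCHAR2,
    p_username   IN VARCHAR2)
    RETURN VARCHAR2
AS
    v_policy   password_policy%ROWTYPE;
    v_word     VARCHAR2 (1024);
    v_found    BOOLEAN := FALSE;
BEGIN
    IF p_password IS NULL THEN
        RETURN 'Password cannot be empty';
    END IF;

    SELECT * INTO v_policy FROM password_policy;  -- single policy row

    -- Case-insensitive: "Demo#2024" is rejected for user "demo".
    IF v_policy.user_name = 'Y'
       AND INSTR (UPPER (p_password), UPPER (p_username)) > 0 THEN
        RETURN 'Password must not contain the user name';
    END IF;

    -- Walk the comma-separated list; blank entries are skipped.
    FOR i IN 1 .. NVL (REGEXP_COUNT (v_policy.word_list, '[^,]+'), 0) LOOP
        v_word := TRIM (REGEXP_SUBSTR (v_policy.word_list, '[^,]+', 1, i));
        IF v_word IS NOT NULL
           AND INSTR (UPPER (p_password), UPPER (v_word)) > 0 THEN
            RETURN 'Password contains a word that is not allowed';
        END IF;
    END LOOP;

    -- Compare character by character so the configured list needs no
    -- regular-expression escaping (a list such as "]^-" would break a [...] class).
    IF v_policy.punctuation_char = 'Y'
       AND v_policy.punctuation_char_list IS NOT NULL THEN
        FOR i IN 1 .. LENGTH (p_password) LOOP
            v_found := INSTR (v_policy.punctuation_char_list,
                              SUBSTR (p_password, i, 1)) > 0;
            EXIT WHEN v_found;
        END LOOP;
        IF NOT v_found THEN
            RETURN 'Password must contain one of: ' || v_policy.punctuation_char_list;
        END IF;
    END IF;

    RETURN NULL;  -- no violation found
END;
/
```

Call it from the same Function Body (Returning Error Text) validation once PASSWORD_VALIDATION has reported '1', and return its result as the error text.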
Our use of static and dynamic password validation is now complete. Hopefully the complete video/post on password validation will help you to some extent. If you have any observations or suggestions regarding this post, please let us know in the comment box. Please support me by subscribing to my channel.
Frequently Asked Questions
Q1: Why is password validation important in an Oracle Apex application?
Password validation is crucial in an Oracle Apex application as it strengthens the security of the application by enforcing password rules and constraints. This helps mitigate the risk of unauthorized access and data breaches.
Q2: What are some common password validation rules?
Common password validation rules include minimum and maximum length requirements, the inclusion of alphanumeric and special characters, and restrictions on commonly used passwords.
Q3: Can password complexity checks be bypassed by determined attackers?
While password complexity checks add an extra layer of security, determined attackers may still find ways to bypass them. It is essential to combine password complexity checks with other security measures, such as multi-factor authentication, to strengthen overall security.
Q4: How can I implement password validation in Oracle Apex?
To implement password validation in Oracle Apex, you can utilize regular expressions to define the desired password pattern and constraints. Additionally, you can leverage built-in Apex features and custom PL/SQL code to perform additional checks and validations.
Q5: Are there any downsides to strict password validation?
Strict password validation may sometimes inconvenience users who struggle to remember complex passwords. However, striking the right balance between security and user experience is crucial. Educating users about the importance of strong passwords and providing clear guidelines can help mitigate these downsides.
Q6: Can I customize password validation rules based on specific requirements?
Yes, you can customize password validation rules based on your specific requirements. Oracle Apex provides flexibility in defining the desired password constraints, allowing you to align them with your organization's security policies.
Conclusion: Strengthen Your Oracle Apex Application with Password Validation
Implementing password validation in your Oracle Apex application is a vital step in fortifying its security. By enforcing password rules, leveraging regular expressions, and implementing complexity checks, you can significantly reduce the risk of unauthorized access and data breaches. Additionally, providing clear error messages, enabling password expiry and reset, and striking the right balance between security and user experience contribute to a robust application.
Remember, protecting your application and user data requires a multi-layered approach. Combine password validation with other security measures, such as encryption, user access controls, and regular security audits, to establish a comprehensive security framework.
Empower your users to create strong and secure passwords while ensuring their experience remains hassle-free. By implementing effective password validation in your Oracle Apex application, you can strengthen security, enhance user confidence, and protect your valuable data.
I will try to show the details of login validation in my next video.
In login validation:
If the user enters the wrong password more than 5 times, the account will be locked.
The account will be locked for a certain period of time.
There will be details about these and more.
Stay tuned by subscribing to my YouTube channel. Thank you.
🙍🏾 Md jABER HOSSEN