STRONG_PASSWORD_CHECK Procedure

This procedure returns Boolean OUT values based on whether a proposed password meets the password strength requirements as defined by the Oracle Application Express site administrator.

Syntax

APEX_UTIL.STRONG_PASSWORD_CHECK(
    p_username                    IN  VARCHAR2,
    p_password                    IN  VARCHAR2,
    p_old_password                IN  VARCHAR2,
    p_workspace_name              IN  VARCHAR2,
    p_use_strong_rules            IN  BOOLEAN,
    p_min_length_err              OUT BOOLEAN,
    p_new_differs_by_err          OUT BOOLEAN,
    p_one_alpha_err               OUT BOOLEAN,
    p_one_numeric_err             OUT BOOLEAN,
    p_one_punctuation_err         OUT BOOLEAN,
    p_one_upper_err               OUT BOOLEAN,
    p_one_lower_err               OUT BOOLEAN,
    p_not_like_username_err       OUT BOOLEAN,
    p_not_like_workspace_name_err OUT BOOLEAN,
    p_not_like_words_err          OUT BOOLEAN,
    p_not_reusable_err            OUT BOOLEAN);

Parameters

Table 21-101 describes the parameters available in the STRONG_PASSWORD_CHECK procedure.


Table 21-101 STRONG_PASSWORD_CHECK Parameters

Parameter                      Description

p_username                     Username that identifies the account in the current workspace
p_password                     Password to be checked against password strength rules
p_old_password                 Current password for the account. Used only to enforce the "new password must differ from old" rule
p_workspace_name               Current workspace name, used only to enforce the "password must not contain workspace name" rule
p_use_strong_rules             Pass FALSE when calling this API
p_min_length_err               Result returns True or False depending upon whether the password meets minimum length requirement
p_new_differs_by_err           Result returns True or False depending upon whether the password meets "new password must differ from old" requirements
p_one_alpha_err                Result returns True or False depending upon whether the password meets requirement to contain at least one alphabetic character
p_one_numeric_err              Result returns True or False depending upon whether the password meets requirements to contain at least one numeric character
p_one_punctuation_err          Result returns True or False depending upon whether the password meets requirements to contain at least one punctuation character
p_one_upper_err                Result returns True or False depending upon whether the password meets requirements to contain at least one upper-case character
p_one_lower_err                Result returns True or False depending upon whether the password meets requirements to contain at least one lower-case character
p_not_like_username_err        Result returns True or False depending upon whether the password meets requirements that it not contain the username
p_not_like_workspace_name_err  Result returns True or False depending upon whether the password meets requirements that it not contain the workspace name
p_not_like_words_err           Result returns True or False depending upon whether the password meets requirements that it not contain specified simple words
p_not_reusable_err             Result returns True or False depending upon whether the password can be reused based on password history rules


Example

The following example shows how to use the STRONG_PASSWORD_CHECK procedure. It checks whether the new password 'foo' for the user 'SOMEBODY' meets all the password strength requirements defined by the Oracle Application Express site administrator. If any of the checks fail (the associated OUT parameter returns TRUE), then the example outputs a relevant message. For example, if the Oracle Application Express site administrator has defined that passwords must have at least one numeric character and the password 'foo' was checked, then the p_one_numeric_err OUT parameter would return TRUE and the message 'Password must contain at least one numeric character' would be output.

DECLARE
    l_username                    varchar2(30);
    l_password                    varchar2(30);
    l_old_password                varchar2(30);
    l_workspace_name              varchar2(30);
    l_min_length_err              boolean;
    l_new_differs_by_err          boolean;
    l_one_alpha_err               boolean;
    l_one_numeric_err             boolean;
    l_one_punctuation_err         boolean;
    l_one_upper_err               boolean;
    l_one_lower_err               boolean;
    l_not_like_username_err       boolean;
    l_not_like_workspace_name_err boolean;
    l_not_like_words_err          boolean;
    l_not_reusable_err            boolean;
    l_password_history_days       pls_integer;
BEGIN
    l_username := 'SOMEBODY';
    l_password := 'foo';
    l_old_password := 'foo';
    l_workspace_name := 'XYX_WS';
    l_password_history_days := 
        apex_instance_admin.get_parameter ('PASSWORD_HISTORY_DAYS');
 
    APEX_UTIL.STRONG_PASSWORD_CHECK(
        p_username                    => l_username,
        p_password                    => l_password,
        p_old_password                => l_old_password,
        p_workspace_name              => l_workspace_name,
        p_use_strong_rules            => false,
        p_min_length_err              => l_min_length_err,
        p_new_differs_by_err          => l_new_differs_by_err,
        p_one_alpha_err               => l_one_alpha_err,
        p_one_numeric_err             => l_one_numeric_err,
        p_one_punctuation_err         => l_one_punctuation_err,
        p_one_upper_err               => l_one_upper_err,
        p_one_lower_err               => l_one_lower_err,
        p_not_like_username_err       => l_not_like_username_err,
        p_not_like_workspace_name_err => l_not_like_workspace_name_err,
        p_not_like_words_err          => l_not_like_words_err,
        p_not_reusable_err            => l_not_reusable_err);

    IF l_min_length_err THEN
        htp.p('Password is too short');
    END IF;
 
    IF l_new_differs_by_err THEN
        htp.p('Password is too similar to the old password');
    END IF;
 
    IF l_one_alpha_err THEN
        htp.p('Password must contain at least one alphabetic character');
    END IF;
 
    IF l_one_numeric_err THEN
        htp.p('Password must contain at least one numeric character');
    END IF;
 
    IF l_one_punctuation_err THEN
        htp.p('Password must contain at least one punctuation character');
    END IF;
 
    IF l_one_upper_err THEN
        htp.p('Password must contain at least one upper-case character');
    END IF;
 
    IF l_one_lower_err THEN
        htp.p('Password must contain at least one lower-case character');
    END IF;
 
    IF l_not_like_username_err THEN
        htp.p('Password may not contain the username');
    END IF;
 
    IF l_not_like_workspace_name_err THEN
        htp.p('Password may not contain the workspace name');
    END IF;
 
    IF l_not_like_words_err THEN
        htp.p('Password contains one or more prohibited common words');
    END IF;

    IF l_not_reusable_err THEN
        htp.p('Password cannot be used because it has been used for the account within the last '||l_password_history_days||' days.');
    END IF;
END;
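
A wrapper that turns the eleven OUT flags into a single accept/reject result for a password-change routine, given here as an added example that is not part of the Oracle documentation. The names check_new_password and add_rule are hypothetical, and treating a NULL flag as a failure is an assumption made for this example so that an unset result never lets a password through.

```plsql
-- Added example (not Oracle's code): check_new_password and add_rule are hypothetical names.
CREATE OR REPLACE FUNCTION check_new_password (
    p_username       IN VARCHAR2,
    p_password       IN VARCHAR2,
    p_old_password   IN VARCHAR2,
    p_workspace_name IN VARCHAR2 )
    RETURN VARCHAR2
IS
    l_failed     VARCHAR2(500);  -- comma-separated names of the rules that failed
    l_min_length BOOLEAN;  l_differs   BOOLEAN;  l_alpha   BOOLEAN;
    l_numeric    BOOLEAN;  l_punct     BOOLEAN;  l_upper   BOOLEAN;
    l_lower      BOOLEAN;  l_like_user BOOLEAN;  l_like_ws BOOLEAN;
    l_like_words BOOLEAN;  l_reused    BOOLEAN;

    -- Record a rule as failed when its flag is TRUE. A NULL flag is recorded
    -- as well (assumption of this example: an unset result must not pass).
    PROCEDURE add_rule ( p_err IN BOOLEAN, p_rule IN VARCHAR2 ) IS
    BEGIN
        IF p_err IS NULL OR p_err THEN
            l_failed := l_failed
                || CASE WHEN l_failed IS NOT NULL THEN ', ' END || p_rule;
        END IF;
    END add_rule;
BEGIN
    APEX_UTIL.STRONG_PASSWORD_CHECK(
        p_username              => p_username,
        p_password              => p_password,
        p_old_password          => p_old_password,
        p_workspace_name        => p_workspace_name,
        p_use_strong_rules      => FALSE,
        p_min_length_err        => l_min_length, p_new_differs_by_err          => l_differs,
        p_one_alpha_err         => l_alpha,      p_one_numeric_err             => l_numeric,
        p_one_punctuation_err   => l_punct,      p_one_upper_err               => l_upper,
        p_one_lower_err         => l_lower,      p_not_like_workspace_name_err => l_like_ws,
        p_not_like_username_err => l_like_user,  p_not_like_words_err          => l_like_words,
        p_not_reusable_err      => l_reused);

    add_rule(l_min_length, 'minimum length');   add_rule(l_differs, 'differs from old');
    add_rule(l_alpha, 'alphabetic character');  add_rule(l_numeric, 'numeric character');
    add_rule(l_punct, 'punctuation character'); add_rule(l_upper, 'upper-case character');
    add_rule(l_lower, 'lower-case character');  add_rule(l_like_user, 'contains username');
    add_rule(l_like_ws, 'contains workspace');  add_rule(l_like_words, 'prohibited word');
    add_rule(l_reused, 'password history');

    -- NULL means every check passed; the password itself is never echoed back.
    RETURN l_failed;
END check_new_password;
/
```

A caller rejects the password change whenever the function returns a non-NULL value and can show the returned rule names to the user.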