Unanswered: update expired oracle passwords via forms
Setup: Forms 9i, 9iDB
Is anyone aware of a simple way or simpler/safer than my thoughts below for a user to update an expired oracle password from a forms app? Here is what I am doing now.
In my forms app I create a user using dynamic sql thus:
CREATE USER "'||employee_id||'"'||
' IDENTIFIED BY mdm_new PROFILE mdm_member '||
' DEFAULT TABLESPACE DATA'||
' TEMPORARY TABLESPACE TEMP'||
' PASSWORD EXPIRE'||
' ACCOUNT UNLOCK';
The mdm_member profile is defined thus:
CREATE PROFILE mdm_member LIMIT
In a normal sequence when a password has expired and the grace period entered the app can detect this and allow a user to update their password. Put if the user is created with "PASSWORD EXPIRE" it does not appear that the grace period comes into play. It seems like a bug but I did not see any current issues on MetaLink. I do not have a real good record when it comes to searching for info so if you find something please tell me. If I am doing something wrong above I know you all will tell me also.
If the connect fails there is no connection made (like SQLPlus) that allows you to input a new password.
Here are the approaches I have considered:
1) Create a specialized user account that has ONLY connect and alter any user privs. Behind the scenes connect as that user when an expired password is detected. After the password is changed reconnect as the "real" user before proceeding. This seems to have some security issues but ...
2) Create a specialized profile like:
CREATE PROFILE new_user LIMIT
This saves needing to use "PASSWORD EXPIRE" (the password expires 1 minute after the user is created) and this method does seem to invoke the grace period. But then I need to assign them the "real" profile as soon as they changed their password. In practice I would probably just assign them the default password whenever their password changes. This seems the safest but I am open to suggestions.
NOTE: Please disregard the label "Senior Member".