Password Complexity Rules Are Not Enforced When Resetting Password Via the 'Reset Password' link on the APEX Login Page
(Doc ID 2470789.1)
Last updated on FEBRUARY 18, 2021
Applies to:Oracle Application Express (APEX) - Version 5.1.4.00.08 and later
Information in this document applies to any platform.
When trying to reset password from the 'Reset Password' link on the APEX Login page, the password complexity rules are not enforced.
Password complexity rules are enforced only if the internal admin attempts to change password from Internal administration interface.
Log in to the "Internal administration"
- Navigate to Manage Instance\Security
- Click on Password Policy tab and select "Yes" for the "Must Contain At Least One Numeric Character"
- Apply Changes
The following error occurs if the internal admin tries to reset the password (without including a numeric character) for a workspace user using the Edit User page:
Password does not conform to this site's password complexity rules.
◦Password must contain at least one numeric character
The above error is the expected behavior because "Must Contain At Least One Numeric Character" is set to Yes in the Password Policy settings under Manage Instance\Security.
However, when the workspace user tries to reset his password (without including a numeric character) from the 'Reset Password' link on the APEX Login page, the password complexity rule is not enforced.
That is, the Reset Password URL link is emailed to the user and when he tries to reset the password using this URL link, he does not get the above error if the password does not conform to the password complexity rules.
The password complexity rules are enforced only when you edit the user password from Manage Workspaces\Manage Developers and Users page.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document