Disable random Password generation button on Reset Password popup window.

Hi ALL,
We have a new requirement when user click on reset password tab on "Modify User" page, a pop up window will open with two options :
1) Manually change the Password
2) Auto-generate the Password (Randomly generated)
I want to remove or disable this 2nd option. Can you please guide me what necessary changes required?
Thanks,
Amit

It's easy enough to generate a random password. Use a
constant string containing your alphabet (different
systems have different rules about what characters
are allowed). Then us Random first to generate a
suitable length, then to pick a character from your
alphabet for each slot. If there are further rules
(e.g. "must contain at least one digit") then check
the password you've just generated and if it fails
the test, simply try again.
But this isn't a particularly good system. It allows
anyone to harrass a user by changing their password
if they can guess their user name.
The approach I favour is to send the user a one-time
click-thru URL in an e-mail which allows them to set
their password to anything they chose. That needs a
special table in some data base. You generate a
random token which acts as a one-shot password on a
special "change password" page. As soon as the click
through has been used then the database entry is
deleted so that the token is invalidated. You should
also invalidate the token if they log on in the
normal way.I agree that the 'forgot your password' feature is nasty. I mean, we are normally enjoined from saying "invalid user id" or "invalid password", we have to say "invalid user id / password combination" or something to that effect. But by providing the 'forgot your password' feature, it would be trivial to write a bot to see which sites provide this, determine a good page from a bad (e.g., valid user id) and then have an easier time brute-forcing the password. Sad.
On the other hand, I know personally that many companies are concerned with phishing attacks on their customers. As such, they have a blanket policy prohibiting any URL that hits a secured page in any way.
So, what to do? :^(
- Saish

Similar Messages

  • Not able to display the desired view if button is pressed in POPup window

    Hi Experts,
    I have developed a web dynpro application.In this i have created a pop up window which consists of three buttons YES , NO and CANCEL.
    I have developed three event handlers in the view VIEW_POPUP which is acting as view of the pop_up window.  When i click on any of these buttons no event handler is getting triggered.
    Please give your suggestion as where the problem is.

    Hi Ravi,
    I think u created a  view and embedded it in another window and calling that window.,
    If u want to display a popup window with action buttons., jus use create_popup_to_confirm() method.
    refer this code,.
    * Data declarations for Pop up window
      data: lt_text type string_table,
            lo_window_manager type ref to if_wd_window_manager,
            lo_api_component type ref to if_wd_component,
            lo_window type ref to if_wd_window,       
            l_api type ref to if_wd_view_controller.
       msgtext = 'Do u want to continue. ?'
        append msgtext to lt_text.
          clear: tmp_from , tmp_to .
          l_api = wd_this->wd_get_api( ).
          lo_api_component = wd_comp_controller->wd_get_api( ) .
          lo_window_manager  = lo_api_component->get_window_manager( ).
          lo_window1 =
          lo_window_manager->create_popup_to_confirm(
                 text = lt_text
                 button_kind = if_wd_window=>co_buttons_okcancel
                 message_type = if_wd_window=>co_msg_type_information   " this is info msg u can give error message here
                 close_button = 'X'
                 window_title = 'Confirmation message box'
    *       lo_window->subscribe_to_button_event
          lo_window1->subscribe_to_button_event(
            button = if_wd_window=>co_button_ok
            action_name = 'SUBMIT_REQUEST'                     " Submitting Request. " u have to create SUBMIT_REQUEST Action
            button_text = 'Yes'                                             " And Place the code in that action which u want to execute when yes
            action_view = l_api
            is_default_button = abap_false
    *       lo_window->subscribe_to_button_event
          lo_window1->subscribe_to_button_event(
            button = if_wd_window=>co_button_cancel
            action_name = 'CANCEL_REQUEST'                     " Calling Action On clicking NO. "u have to create CANCEL_REQUEST
            button_text = 'NO'                                              "Action
            action_view = l_api
            is_default_button = abap_true
          lo_window1->open( ).
    reply if u need some more clarifications.,
    Thanks & Regards
    Kiran

  • To Disable the Collaboration Features coming up in the popup window

    Hi,
    Can some one tell me how I can disable the Collaboration Features ( Send Email,Create Appointment,Send InstantMessage,CreateTask etc ) that come up in the popup window whn we click on the link provided just after user name .
    I dont want to get the link to be displayed next to user name  as we aren't implementing the Collaboration feature in our Portal here
    Regards
    Nazeer

    Hi
    You can remove the context menu popup by doing this:
    Login to portal as admin
    Follow  system admin-->sysconfigratrion --> coloabration -->properties -->command group -->users group -->edit --> remove
       UserGWGroup
       UserSyncGroup
       UserAsyncGroup
       UserWorkflowGroup.
    This way all the menu will be removed.
    Best Regards
    Prabhakar Lal
    PS : You may have to restart the server to see the changes.
    Message was edited by:
            Prabhakar Lal

  • HtmlUnit buttons not working for popup windows

    When I click a button element which opens a pop up window in the browser give me following javascript exception from DebugCommon10_1_3_2_0.js when I click the buttonthrough a htmlunit test. I have set my WebClient to default.
    Exception class=[org.mozilla.javascript.WrappedException]
    com.gargoylesoftware.htmlunit.ScriptException: Wrapped com.gargoylesoftware.htmlunit.ScriptException: TypeError: Cannot find function setCapture. (http://192.168.20.36:8988/CS/adf/jsLibs/DebugCommon10_1_3_2_0.js#3614) (http://192.168.20.36:8988/CS/adf/jsLibs/DebugCommon10_1_3_2_0.js#4561)
    at com.gargoylesoftware.htmlunit.javascript.JavaScriptEngine.callFunction(JavaScriptEngine.java:322)
    at com.gargoylesoftware.htmlunit.html.HtmlPage.executeJavaScriptFunctionIfPossible(HtmlPage.java:736)
    at com.gargoylesoftware.htmlunit.html.HtmlPage.runEventHandler(HtmlPage.java:1489)
    at com.gargoylesoftware.htmlunit.html.HtmlPage.runEventHandler(HtmlPage.java:1465)
    at com.gargoylesoftware.htmlunit.html.ClickableElement.click(ClickableElement.java:103)
    at lk.informatics.cs.testcases.login.agreementmanagement.AddNewPartner.testSLNO12(AddNewPartner.java:329)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    Caused by: org.mozilla.javascript.WrappedException: Wrapped com.gargoylesoftware.htmlunit.ScriptException: TypeError: Cannot find function setCapture. (http://192.168.20.36:8988/CS/adf/jsLibs/DebugCommon10_1_3_2_0.js#3614) (http://192.168.20.36:8988/CS/adf/jsLibs/DebugCommon10_1_3_2_0.js#4561)
    at org.mozilla.javascript.Context.throwAsScriptRuntimeEx(Context.java:1693)
    at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:160)
    at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:471)
    at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:3085)
    at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:2251)
    at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:161)
    at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:340)
    at com.gargoylesoftware.htmlunit.javascript.HtmlUnitContextFactory.doTopCall(HtmlUnitContextFactory.java:151)
    at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:2758)
    at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:159)
    at com.gargoylesoftware.htmlunit.javascript.host.EventHandler.call(EventHandler.java:95)
    at com.gargoylesoftware.htmlunit.javascript.JavaScriptEngine.callFunction(JavaScriptEngine.java:363)
    at com.gargoylesoftware.htmlunit.javascript.JavaScriptEngine.callFunction(JavaScriptEngine.java:318)

    read the error message:
    "Cannot find function setCapture"

  • Want Button Item to call popup window

    I'm trying to put in a popup calculator next to a region item. I want to use an item button NOT a region button so I can put the button right next to the item. But in item buttons, I don't see an option on how to call a popup using a JavaScript call like:
    javascript:callBMIPopup('P1432_ID');Can someone give me an idea? Even a small icon would work (if I could figure out how to get it in there as an item in a form region).

    Not sure if I'm going in the right direction or not. I've noticed some awfully screwy things with the template I'm using : Blue and Tan. I made a copy of the existing button template and called it New_Button. Here's the template:
    <table class="t2Button" cellspacing="0" cellpadding="0" border="0"  summary="">
    <tr>
    <td class="t2L"><a href="#LINK#"><img src="#IMAGE_PREFIX#themes/theme_2/button_left.gif" alt="" /></a></td>
    <td class="t2C" #BUTTON_ATTRIBUTES#><a href="#LINK#">#LABEL#</a></td>
    <td class="t2R"><a href="#LINK#"><img src="#IMAGE_PREFIX#themes/theme_2/button_right.gif" alt="" /></a></td>
    </tr>
    </table>I added the piece #BUTTON_ATTRIBUTES#. Thanks for your assistance. This is aggravating.

  • How to disable browser back/forward buttons from JSF

    Hi,
    I am working on one JSF based project
    I have a requirement where I don't want the application users to go back/forward using browser back/forward buttons so I want to disable the browser's back/forward buttons for my application.
    Can anyone tell me how to do that?
    Thanks in advance.
    Regards,
    Vijay Kumar

    Hi,
    Thanks for your response on this.
    My problem is that I am opening the new popup windows using setOnLoad Handler in JSF like following:
    getTmpBody().setOnLoad("window.open(\"abc.jsp?grantId="+txtGrantId.getValue().toString() + "&sunId=" + empDetails_Global + "&tmplNm=" + aggrTmplName + "&ctryCode=" + ctryCode +"\", \"Agreement\",'width=800,height=600,scrollbars=yes');return false;");
    Now everytime I am going to any other tab or page, I am setting the setOnnLoad handler to blank like
    getTmpBody().setOnLoad("");
    Now the problem is when I open a popup window and close this and then click on browser back/forward buttons, the last opened popup window again come up. This is the problem since I don't want last opened popup window to get opened again on the click of a browser back/forward buttons.
    This is a very urgent issue and I need to resolve this asap.
    Please help me on this.
    Thanks,
    Vijay Kumar

  • Popup Windows Buttons

    Hi,
    we create the buttons when opening the popup windows , like as
    lr_popup = lr_window_manager->create_window(
      MODAL               = ABAP_TRUE
      window_name         = 'CHGOFFER'
           "Name of the window created in step 2
      TITLE               = 'Talep Deu011Fiu015Ftir'
      CLOSE_BUTTON        = ABAP_TRUE
      BUTTON_KIND         = if_wd_window=>CO_BUTTONS_YESNOCANCEL
    *  MESSAGE_TYPE        = if_wd_window=>co_msg_type_error
    *  CLOSE_IN_ANY_CASE   = ABAP_TRUE
    *  MESSAGE_DISPLAY_MODE = MESSAGE_DISPLAY_MODE
    ** Adds an action to the popup screen buttons
    lr_view_controller = wd_this->wd_get_api( ).
    lr_popup->subscribe_to_button_event(
                  button = if_wd_window=>co_button_yes
                  button_text = 'Onayla'
                  action_name = 'APPROVE'
                  action_view = lr_view_controller
                  is_default_button = abap_false ).
    lr_popup->subscribe_to_button_event(
                  button = if_wd_window=>co_button_no
                  button_text = 'Sil'
                  action_name = 'DELETE'
                  action_view = lr_view_controller
                  is_default_button = abap_false ).
    lr_popup->subscribe_to_button_event(
                  button = if_wd_window=>co_button_cancel
                  button_text = 'Reddet'
                  action_name = 'REFUSE'
                  action_view = lr_view_controller
                  is_default_button = abap_false ).
      lr_popup->open( ).
    we can create only 3 buttons as 'YES NO CANCEL' with this method becase of IF_WD_WINDOW interface has type of WDR_POPUP_BUTTON_KIND.
    But i want to create 5 buttons for my popup window. is it possible?
    Can somebody help me pls?
    Thanks.

    As someone has already stated you can design as many buttons as you want into the view that you embed into the popup.  However for the bottom bar of the popup, you can only work with the buttons that SAP provides.  You can not add custom buttons into this bottom bar. 
    Personally when I have custom buttons, I go ahead and hide all of the standard buttons in the bottom bar.  I recreate them on the same button line as my custom buttons so that the interface looks more consistent.

  • Error when clicking other button after displaying Popup window

    Hi,
    I'm developing a custom page which calls a popup window in r12, below is the error encountered.
    Error: Cannot Display Page
    You cannot complete this task because you accessed this page using the browser's navigation buttons (the browser Back button, for example).
    To proceed, please select the Home link at the top of the application page to return to the main menu. Then, access this page again using the application's navigation controls (menu, links, and so on) instead of using the browser's navigation controls like Back and Forward.
    On my base page, I have other buttons like Save, Back, and the button to invoke the popup window. I can display the popup window without error, but when i clicked on the base page's other buttons after invoking the popup window, the error above is shown. I'm not clicking any browser's navigation buttons. Please let me know how to solve this error.
    Thanks!

    Hi,
    Just want to update...
    The error occurred because I have isBackNavigationFired checking, this becomes true when clicking the other buttons in the base page after displaying the popup. Is there a workaround where I can make this work without removing my back browser navigation checking?
    Thanks!

  • Button Item to open a popup window  but not do a submit

    Hi,
    I want to open a popup using a button that is next to an item. I do not want a submit to occur.
    I've followed the directions in Want Button Item to call popup window and the popup displays correctly.
    However it also does a submit.
    How to do I prevent the submit when this button item is pressed?

    I copied the Button templates, called it "Javascript Button", and changed its code from:
    <table class="t15Button" cellspacing="0" cellpadding="0" border="0"  summary=""><tr>
    <td class="t15L"><img src="#IMAGE_PREFIX#themes/theme_15/button-l.gif" alt="" /></td>
    <td class="t15C"><a href="#LINK#">#LABEL#</a></td>
    <td class="t15R"><img src="#IMAGE_PREFIX#themes/theme_15/button-r.gif" alt="" /></td>
    </tr></table>to:
    <table class="t15Button" cellspacing="0" cellpadding="0" border="0"  summary=""><tr>
    <td class="t15L"><img src="#IMAGE_PREFIX#themes/theme_15/button-l.gif" alt="" /></td>
    <td class="t15C"><a href="AAAAA">#LABEL#</a></td>
    <td class="t15R"><img src="#IMAGE_PREFIX#themes/theme_15/button-r.gif" alt="" /></td>
    </tr></table>where "AAAAA" is "javascript:#BUTTON_ATTRIBUTES#" (the markup wasn't working so I had to describe it this way).
    I then put the script I want to execute in the Button Attributes and made the Request whatever. It's not very elegant but it does work.

  • Reset Password :Non Random Password

    When an admin resets a users password via Reset User Password workflow a random password is generated. In the Reset User Password workflow I am unable to identify the activity that does the generation. I would like to instead set a default static password, is this possible?
    Thank you,
    Clear

    Hi,
    Actually password generation is part of Reprovision process in Reset User Password workflow. can see below trace :
    Argument op = reProvision
    Argument accountId = KSolanki
    Argument options = object
    Argument retryEnable = true
    Calling application 'com.waveset.provision.WorkflowServices'
    Application requested argument op
    Application requested argument user
    Application requested argument options
    Application requested all arguments
    Application requested argument subject
    Application reference retryInfo = null
    Application requested argument retryEnable
    Application assignment retryInfo.timeout = 0
    Application reference retryInfo =
    <Object>
    <Attribute name='timeout'>
    <Integer>0</Integer>
    </Attribute>
    </Object>
    Application requested argument doResources
    Application reference AllowPasswordGeneration = null
    Application requested argument allowPasswordGeneration_
    ~ Ketan

  • Random password generation

    Hi All,
    We have a link on login page "Forgot Password" ?
    As users clicks the link, idea is he goes to page that has emails address and submit button.
    As user enters his emails address and clicks submit, the mechanism gemerates a new password and sends it over to his email address.
    My question is, "I dont know how to generate that new random password."
    Is there a code around, that I can use ?
    thanks a lot,
    pp

    It's easy enough to generate a random password. Use a
    constant string containing your alphabet (different
    systems have different rules about what characters
    are allowed). Then us Random first to generate a
    suitable length, then to pick a character from your
    alphabet for each slot. If there are further rules
    (e.g. "must contain at least one digit") then check
    the password you've just generated and if it fails
    the test, simply try again.
    But this isn't a particularly good system. It allows
    anyone to harrass a user by changing their password
    if they can guess their user name.
    The approach I favour is to send the user a one-time
    click-thru URL in an e-mail which allows them to set
    their password to anything they chose. That needs a
    special table in some data base. You generate a
    random token which acts as a one-shot password on a
    special "change password" page. As soon as the click
    through has been used then the database entry is
    deleted so that the token is invalidated. You should
    also invalidate the token if they log on in the
    normal way.I agree that the 'forgot your password' feature is nasty. I mean, we are normally enjoined from saying "invalid user id" or "invalid password", we have to say "invalid user id / password combination" or something to that effect. But by providing the 'forgot your password' feature, it would be trivial to write a bot to see which sites provide this, determine a good page from a bad (e.g., valid user id) and then have an easier time brute-forcing the password. Sad.
    On the other hand, I know personally that many companies are concerned with phishing attacks on their customers. As such, they have a blanket policy prohibiting any URL that hits a secured page in any way.
    So, what to do? :^(
    - Saish

  • I cannot purchase apps from itunes store due to my Apple ID has been disabled. I was trying to reset my ID password, managed to reset but still unable to purchase apps from itunes store. Any good suggestion to fix this problem?

    I cannot purchase apps from itunes store due to my Apple ID has been disabled. I was trying to reset my ID password, I managed to reset but still unable to purchase apps from itunes store. Any good suggestion to resolve this issue? Thanks

    Contact itunes support:
    http://www.apple.com/support/itunes

  • Phone is disabled forgotten password and my home button doesnt work

    phone is disabled forgotten password and my home button doesnt work

    The following covers all of the options for dealing with a disabled iPhone: Forgot passcode for your iPhone, iPad, or iPod touch, or your device is disabled - Apple Support

  • My apple id was disabled. I followed the instructions, reset the password. But still gives me the same message. How do I fix it?

    My apple id was disabled. I followed the instructions, reset the password. But still gives me the same message. How do I fix it?

    Did you follow all of the instructions i.e. since resetting your password have you also logged out of your account on your device by tapping on your id in Settings > iTunes & App Store (Settings > Store on iOS 5 and below) and then logged back in so as to 'refresh' the account on it ?
    If that doesn't fix it then contact iTunes Support : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page

  • OIM 11g R2 - User random password Generation

    Hi All,
    In my case users are getting created in OIM using Trusted source reconciliation and need to populate a random password for each user.
    Please suggest me which of the following methods is better and why?
    Method 1: Created a post Event Handler and populate password attribute. This case I created a custom Post event handler and populated password attribute and is success but the password stored in database is plain text and so not able login to Adminconsole with same password. So, how to encrypte password and then store in DB?
    Method 2: Create entity adapter and attach to user form using Data object manager
    Or, please suggest me any other best way.
    Thanks in advance.

    Hi,
    Users are being created thru trusted source recon and password is not automatically getting populated. I verified it, by checking USR_PASSWORD attribute in USR table and it is empty.

Maybe you are looking for