Date: Mon, 23 Aug 1999 22:17:30 +0200 From: "Willem Jan Withagen" <wjw@iae.nl> To: "Ollivier Robert" <roberto@keltia.freenix.fr> Cc: <security@freebsd.org> Subject: Re: getting passwored data via a perl cgi Message-ID: <05d801beeda4$8765ae80$441b3dd4@wjw.digiware.nl>
next in thread | raw e-mail | index | archive | help
I did it the other way around:
I wrote a Apache security module which takes usercode/password and then
veryfies it at the POP-port.
If you don't want POP outside the box, use tcpwrappers or a firewall to hide
them.
The advantage is that this code is very unlikely to be stored in a
cache/proxy, whilest I've
found plenty of "pages" in many Win'95/OS2 caches containing
usercode/password combinations
--WjW
PS: code is available, but RAW
-----Original Message-----
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: freebsd-security@freebsd.org <freebsd-security@freebsd.org>
Date: zondag 22 augustus 1999 23:00
Subject: Re: getting passwored data via a perl cgi
>According to Colin Eric Johnson:
>> Is there a way to allow other users access to complete password database?
>> I understand, basically, why this is restricted but I'm not sure how else
>> to solve this given FreeBSDs restrictions.
>
>Either you make it setuid root or you wipe up a daemon that runs as root
and
>make your script discuss with the daemon. The daemon could cache entries
for
>example (although pwd lookups should be fast thanks to the DB files).
>--
>Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=-
roberto@keltia.freenix.fr
>FreeBSD keltia.freenix.fr 4.0-CURRENT #73: Sat Jul 31 15:36:05 CEST 1999
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?05d801beeda4$8765ae80$441b3dd4>