From owner-freebsd-questions Mon Jan 19 08:38:48 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA13368 for questions-outgoing; Mon, 19 Jan 1998 08:38:48 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from cerberus.partsnow.com (gatekeeper.partsnow.com [207.155.26.98]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA13364 for ; Mon, 19 Jan 1998 08:38:40 -0800 (PST) (envelope-from don@partsnow.com) Received: (from bin@localhost) by cerberus.partsnow.com (8.8.5/8.6.9) id IAA00110; Mon, 19 Jan 1998 08:36:26 -0800 (PST) X-Authentication-Warning: cerberus.partsnow.com: bin set sender to using -f Received: from wildeweb(192.168.100.10) by cerberus.partsnow.com via smap (V2.0) id xma000100; Mon, 19 Jan 98 08:36:16 -0800 Message-ID: <34C3813B.DF11EB65@partsnow.com> Date: Mon, 19 Jan 1998 08:37:15 -0800 From: Don Wilde Reply-To: don@partsnow.com Organization: Soligen, Incorporated X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 2.2.5-RELEASE i386) MIME-Version: 1.0 To: chas CC: questions@FreeBSD.ORG Subject: Re: security and scripts ? (was Re: Tcl/Tk tutorial recommendations?) References: <3.0.32.19980118234853.00952c10@peace.com.my> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk > On that note, I was recommended Expect for scripting a webpage for > users to change their email passwords. Is this secure ? (bit dubious > of anything that runs with privileges to change the /etc/passwd file) > > chas and rightly so... It isn't :) Expect merely allows you to do things you can already do with a keyboard. Then again, in the Real World, nothing is ever secure except six feet of concrete :) Use with disgression, and make sure the expect script itself is protected from reading, permission 100, etc., and is in a non-reachable directory. -- oooOOO O O O o * * * * * * o ___ _________ _________ ________ _________ _________ ___==_ V_=_=_DW ===--- Don Wilde [don@PartsNow.com] [http://www.PartsNow.com ] /oo0000oo-oo--oo-ooo---ooo-ooo---ooo-ooo--ooo-ooo---ooo-ooo---ooo-oo--oo