From owner-freebsd-isp  Thu Jan 30 17:39:05 1997
Return-Path: <owner-isp>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id RAA19967
          for isp-outgoing; Thu, 30 Jan 1997 17:39:05 -0800 (PST)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA19961
          for <freebsd-isp@freebsd.org>; Thu, 30 Jan 1997 17:39:00 -0800 (PST)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.6/8.7.3) id MAA06551; Fri, 31 Jan 1997 12:39:38 +1100 (EST)
Date: Fri, 31 Jan 1997 12:39:38 +1100 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Brandon Gillespie <brandon@cold.org>
cc: Ernie Elu <ernie@spooky.eis.net.au>, freebsd-isp@freebsd.org
Subject: Re: Password change via Web page
In-Reply-To: <Pine.NEB.3.95.970130180648.22304A-100000@cold.org>
Message-ID: <Pine.BSF.3.91.970131123849.263N-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk



On Thu, 30 Jan 1997, Brandon Gillespie wrote:

> > Does anyone know of a method whereby a user can change his or her password
> > via a web page just using netscape or any other common browser?
> 
> There are many, none of which you want to do because of extreme security
> problems (basically the CGI would hav to run as root, plus you would want
> to run it under an SSL server).
> 
> BUT, if you insist upon this unsecure method, just have a cgi script
> running as root which calls 'passwd' with the correct username and
> password.  Course, piping into passwd may be hard, use perl, or write your
> own 'passwd' program..

Probably easiest thing to do is to hack poppassd so that it understands 
an http request.

Danny