Date: Fri, 31 Jan 1997 11:51:59 -0500 From: "Jason Wilson" <jasonw@glycerine.mulberry.com> To: Brandon Gillespie <brandon@cold.org>, Ernie Elu <ernie@spooky.eis.net.au> Cc: freebsd-isp@freebsd.org Subject: Re: Password change via Web page Message-ID: <9701311152.ZM14612@glycerine.mulberry.com> In-Reply-To: Brandon Gillespie <brandon@cold.org> "Re: Password change via Web page" (Jan 30, 6:08pm) References: <Pine.NEB.3.95.970130180648.22304A-100000@cold.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 30, 6:08pm, Brandon Gillespie wrote: > Subject: Re: Password change via Web page > > Does anyone know of a method whereby a user can change his or her password > > via a web page just using netscape or any other common browser? > > There are many, none of which you want to do because of extreme security > problems (basically the CGI would hav to run as root, plus you would want > to run it under an SSL server). > > BUT, if you insist upon this unsecure method, just have a cgi script > running as root which calls 'passwd' with the correct username and > password. Course, piping into passwd may be hard, use perl, or write your > own 'passwd' program.. The script doesn't necessarily have to run as root. The way we do it here is the cgi contacts our POP Password server (written by Qualcomm) and lets it do the password change. This isn't any less secure than letting a user telnet/ftp/pop3 into your server since the password is sent cleartext anyways. Jason -- Uniquest On-Line Services Tel: +1 (613) 345-6061 173 King St. W. Fax: +1 (613) 345-6062 Brockville, Ontario Brockville's first and only K6V 3R6 full service Internet Provider.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9701311152.ZM14612>