From owner-freebsd-isp  Tue Sep  1 17:01:50 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA22126
          for freebsd-isp-outgoing; Tue, 1 Sep 1998 17:01:50 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from ohio.river.org (river.org [209.24.233.15])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA22102
          for <freebsd-isp@FreeBSD.ORG>; Tue, 1 Sep 1998 17:01:43 -0700 (PDT)
          (envelope-from dhawk@ohio.river.org)
Received: (from dhawk@localhost) by ohio.river.org (8.8.8/8.7.3) id RAA29250; Tue, 1 Sep 1998 17:00:23 -0700 (PDT)
From: David Hawkins <dhawk@river.org>
Message-Id: <199809020000.RAA29250@ohio.river.org>
Subject: Re: webbased email/adding new users
In-Reply-To: <35EC7715.29886974@intercom.com> from "Jason J. Horton" at "Sep 1, 98 06:37:09 pm"
To: jason@intercom.com (Jason J. Horton)
Date: Tue, 1 Sep 1998 17:00:23 -0700 (PDT)
Cc: freebsd-isp@FreeBSD.ORG, isp-tech@isp-tech.com
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> A client wants to do a Hotmail type service(doesn't
> everyone?) and I am wondering how to add new users via
> forms, like hotmail does, with the webserver running
> as a non-privilidged user and without opening a whole
> bunch of security problems for the system. Any ideas?
> Please email me or the list
 
I have about a 400 line perl script that use CGI.pm to put up a form
and get all the necessary fields filled in and do some data checking.
It then uses sendmail to mail to a special account. Every line is
prefixed with XXX to avoid any special escape tricks. The other
account has a procmail filter running that extracts the data. We then
have someone check the account, but if you're not doing a $$$ deal
then you could have that account hand it off to a suid-perl script that
would install the account.

later, david
--
David Hawkins  -- dhawk@river.org        http://www.river.org/~dhawk
"How I wait for my good is more important than what I wait for. Life is
not living in a 'waiting room', but rather waiting in a 'living room'."
			-- Dr. Dorothy Kobak

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message