From owner-freebsd-isp  Tue Sep  1 17:49:14 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA00319
          for freebsd-isp-outgoing; Tue, 1 Sep 1998 17:49:14 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from zeus.theinternet.com.au (zeus.theinternet.com.au [203.34.176.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA00297
          for <freebsd-isp@FreeBSD.ORG>; Tue, 1 Sep 1998 17:49:06 -0700 (PDT)
          (envelope-from akm@zeus.theinternet.com.au)
Received: (from akm@localhost)
	by zeus.theinternet.com.au (8.8.7/8.8.7) id KAA21049;
	Wed, 2 Sep 1998 10:42:48 +1000 (EST)
	(envelope-from akm)
From: Andrew Kenneth Milton <akm@zeus.theinternet.com.au>
Message-Id: <199809020042.KAA21049@zeus.theinternet.com.au>
Subject: Re: webbased email/adding new users
In-Reply-To: <35EC7715.29886974@intercom.com> from "Jason J. Horton" at "Sep 1, 98 06:37:09 pm"
To: jason@intercom.com (Jason J. Horton)
Date: Wed, 2 Sep 1998 10:42:48 +1000 (EST)
Cc: freebsd-isp@FreeBSD.ORG, isp-tech@isp-tech.com
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

+----[ Jason J. Horton ]---------------------------------------------
| A client wants to do a Hotmail type service(doesn't
| everyone?) and I am wondering how to add new users via
| forms, like hotmail does, with the webserver running
| as a non-privilidged user and without opening a whole
| bunch of security problems for the system. Any ideas?
| Please email me or the list

We do the same type of thing for user addition, we process users
into a database, they are 'scrutinised' by humans first, and then
once approved they are placed into another database. 

This section of the website is restricted to staff only.

A cron job runs every 5 minutes (as root) and creates the pending users by
calling adduser in batch mode.

The databases are cross-checked with adduser log file to look
for entries that have been created not using the web interface
and to look for entries that exist in the database but don't
have a corresponding account.

If you have a networkable database you can place the database on
a foreign machine behind a firewall and have various machines access
it from the DMZ.

-- 
Totally Holistic Enterprises Internet|  P:+61 7 3870 0066   |  Andrew
The Internet (Aust) Pty Ltd          |  F:+61 7 3870 4477   |  Milton
ACN: 082 081 472                     |  M:+61 416 022 411   |72 Col .Sig
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|Specialist

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message