Date: Wed, 29 Dec 1999 14:21:09 -0500 From: "Troy Settle" <st@i-plus.net> To: "FreeBSD ISP" <freebsd-isp@freebsd.org> Subject: RE: Changing Passwords for Users using http: port 80 Message-ID: <FNEMIHIFMKFBMDBKFDPBEEHLCAAA.st@i-plus.net> In-Reply-To: <Pine.BSF.4.10.9912291350350.93548-100000@richard2.pil.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Would be best to do it with https, but if you look at the internet as a whole, it really doesn't seem to make a difference any more. On most systems (mine at least), a comprimised user password isn't a big deal, except for that one user. Hopefully, people will be smart enough not to change their root password using a web page :) Passwords are transmitted in the clear between users and their ISP all the time: - Users who check their mail from other, including whole sale pops - users who telnet into shell servers - ftp Could probably name a few others, but hey... -Troy ** -----Original Message----- ** From: owner-freebsd-isp@FreeBSD.ORG ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of up@3.am ** Sent: Wednesday, December 29, 1999 1:51 PM ** To: Troy Settle ** Cc: aLan Tait; Brent Rector; freebsd-isp@FreeBSD.ORG ** Subject: RE: Changing Passwords for Users using http: port 80 ** ** ** ** Is anybody going to mention why this can be a bad idea, or ** should at least ** be done using https? ** ** On Wed, 29 Dec 1999, Troy Settle wrote: ** ** > ** > PHP Script to do just this: ** > ** > http://home.i-plus.net/st/passwd.php3.gz ** > ** > Have fun ** > ** > -Troy ** > ** > PS: It does depend on poppassd from the ports collection. ** > ** > ** -----Original Message----- ** > ** From: owner-freebsd-isp@FreeBSD.ORG ** > ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of aLan Tait ** > ** Sent: Wednesday, December 29, 1999 12:36 PM ** > ** To: Brent Rector ** > ** Cc: freebsd-isp@FreeBSD.ORG ** > ** Subject: Re: Changing Passwords for Users using http: port 80 ** > ** ** > ** ** > ** Hey, I'd like a copy of that myself. Although I just put ** > ** the telnet command in a web page link and when they click on ** > ** it, it sends to to login in. Then I have a script to only ** > ** allow them to run passwd for their account and exit. It ** > ** works okay. In fact, people understand it better than the ** > ** web based WinNT program we'd been using. ** > ** ** > ** aLan ** > ** ** > ** ** > ** ** > ** Brent Rector wrote: ** > ** > ** > ** > Good Morning Everyone! ** > ** > ** > ** > Can anyone point me in the right direction. I need to locate a ** > ** script that ** > ** > I can use for our site that will allow users to change ** their passwords ** > ** > from our website instead of having to use a shell/telnet. ** > ** > ** > ** > Thanks in Advance, ** > ** > ** > ** > Brent ** > ** > ** > ** > ** > ** ----------------------------------------------------------------- ** > ** --------- ** > ** > Brent L. Rector SoHo Internet Services & TCCSweb ** > ** > SysAdmin (604) 979-2141 ** > ** > brentr@tccsweb.com http://www.tccsweb.com ** > ** > ** > ** ----------------------------------------------------------------- ** > ** --------- ** > ** > Your mouse has moved. Windows must be restarted for the change ** > ** > to take effect. Reboot now? [ OK ] ** > ** > ** > ** ----------------------------------------------------------------- ** > ** --------- ** > ** > ** > ** > To Unsubscribe: send mail to majordomo@FreeBSD.org ** > ** > with "unsubscribe freebsd-isp" in the body of the message ** > ** ** > ** -- ** > ** ----------------------------------- ** > ** Filipino Network Solution - Fil.Net ** > ** ----------------------------------- ** > ** ** > ** ********************************************************* ** > ** *** I switched to FreeBSD from When?Doze because... *** ** > ** *** I never knew When? - It was going to Doze! ;) *** ** > ** ********************************************************* ** > ** ** > ** ** > ** To Unsubscribe: send mail to majordomo@FreeBSD.org ** > ** with "unsubscribe freebsd-isp" in the body of the message ** > ** ** > ** > ** > To Unsubscribe: send mail to majordomo@FreeBSD.org ** > with "unsubscribe freebsd-isp" in the body of the message ** > ** ** James Smallacombe PlantageNet, Inc. CEO and Janitor ** up@3.am http://3.am ========================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FNEMIHIFMKFBMDBKFDPBEEHLCAAA.st>