From owner-freebsd-isp Wed Dec 29 11:21: 8 1999 Delivered-To: freebsd-isp@freebsd.org Received: from cliff.i-plus.net (cliff.i-plus.net [209.100.20.42]) by hub.freebsd.org (Postfix) with ESMTP id 385E2150AE for ; Wed, 29 Dec 1999 11:21:04 -0800 (PST) (envelope-from st@i-plus.net) Received: from ARCADIA (arcadia.i-plus.net [209.100.20.198]) by cliff.i-plus.net (8.9.3/8.9.3) with SMTP id OAA95625 for ; Wed, 29 Dec 1999 14:21:03 -0500 (EST) From: "Troy Settle" To: "FreeBSD ISP" Subject: RE: Changing Passwords for Users using http: port 80 Date: Wed, 29 Dec 1999 14:21:09 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.5600 Importance: Normal In-Reply-To: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Would be best to do it with https, but if you look at the internet as a whole, it really doesn't seem to make a difference any more. On most systems (mine at least), a comprimised user password isn't a big deal, except for that one user. Hopefully, people will be smart enough not to change their root password using a web page :) Passwords are transmitted in the clear between users and their ISP all the time: - Users who check their mail from other, including whole sale pops - users who telnet into shell servers - ftp Could probably name a few others, but hey... -Troy ** -----Original Message----- ** From: owner-freebsd-isp@FreeBSD.ORG ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of up@3.am ** Sent: Wednesday, December 29, 1999 1:51 PM ** To: Troy Settle ** Cc: aLan Tait; Brent Rector; freebsd-isp@FreeBSD.ORG ** Subject: RE: Changing Passwords for Users using http: port 80 ** ** ** ** Is anybody going to mention why this can be a bad idea, or ** should at least ** be done using https? ** ** On Wed, 29 Dec 1999, Troy Settle wrote: ** ** > ** > PHP Script to do just this: ** > ** > http://home.i-plus.net/st/passwd.php3.gz ** > ** > Have fun ** > ** > -Troy ** > ** > PS: It does depend on poppassd from the ports collection. ** > ** > ** -----Original Message----- ** > ** From: owner-freebsd-isp@FreeBSD.ORG ** > ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of aLan Tait ** > ** Sent: Wednesday, December 29, 1999 12:36 PM ** > ** To: Brent Rector ** > ** Cc: freebsd-isp@FreeBSD.ORG ** > ** Subject: Re: Changing Passwords for Users using http: port 80 ** > ** ** > ** ** > ** Hey, I'd like a copy of that myself. Although I just put ** > ** the telnet command in a web page link and when they click on ** > ** it, it sends to to login in. Then I have a script to only ** > ** allow them to run passwd for their account and exit. It ** > ** works okay. In fact, people understand it better than the ** > ** web based WinNT program we'd been using. ** > ** ** > ** aLan ** > ** ** > ** ** > ** ** > ** Brent Rector wrote: ** > ** > ** > ** > Good Morning Everyone! ** > ** > ** > ** > Can anyone point me in the right direction. I need to locate a ** > ** script that ** > ** > I can use for our site that will allow users to change ** their passwords ** > ** > from our website instead of having to use a shell/telnet. ** > ** > ** > ** > Thanks in Advance, ** > ** > ** > ** > Brent ** > ** > ** > ** > ** > ** ----------------------------------------------------------------- ** > ** --------- ** > ** > Brent L. Rector SoHo Internet Services & TCCSweb ** > ** > SysAdmin (604) 979-2141 ** > ** > brentr@tccsweb.com http://www.tccsweb.com ** > ** > ** > ** ----------------------------------------------------------------- ** > ** --------- ** > ** > Your mouse has moved. Windows must be restarted for the change ** > ** > to take effect. Reboot now? [ OK ] ** > ** > ** > ** ----------------------------------------------------------------- ** > ** --------- ** > ** > ** > ** > To Unsubscribe: send mail to majordomo@FreeBSD.org ** > ** > with "unsubscribe freebsd-isp" in the body of the message ** > ** ** > ** -- ** > ** ----------------------------------- ** > ** Filipino Network Solution - Fil.Net ** > ** ----------------------------------- ** > ** ** > ** ********************************************************* ** > ** *** I switched to FreeBSD from When?Doze because... *** ** > ** *** I never knew When? - It was going to Doze! ;) *** ** > ** ********************************************************* ** > ** ** > ** ** > ** To Unsubscribe: send mail to majordomo@FreeBSD.org ** > ** with "unsubscribe freebsd-isp" in the body of the message ** > ** ** > ** > ** > To Unsubscribe: send mail to majordomo@FreeBSD.org ** > with "unsubscribe freebsd-isp" in the body of the message ** > ** ** James Smallacombe PlantageNet, Inc. CEO and Janitor ** up@3.am http://3.am ========================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message