--- Daniel Falkenberg <[EMAIL PROTECTED]> wrote:
> Hey all,
> 
> I have just finally finished a WWW based Perl program that can
> add/delete and change users' passwords from a WWW based script.  I have
> tried to make this script as secure as I can. The script can modify the
> /etc/passwd files.... has anyone seen a script like this before?
> 
> Thx,
> 
> Dan

Um... I have some concerns about this.  Allowing something Web-based to modify
/etc/passwd seems to be begging for trouble.  You *are* using shadow passwords,
right?  If your passwords are in /etc/passwd (I think they're encoded with an
MD5 digest, but I'm not sure), then allowing someone a way to play with them is
begging for trouble.

How are you authenticating?  Is this being run over SSL?  Are you just using
Basic authentication?  Are you using none?  This just screams "Danger Will
Robinson, Danger" (which is rather odd, because my name is not "Will Robinson").

Cheers,
Curtis "Ovid" Poe

=====
Senior Programmer
Onsite! Technology (http://www.onsitetech.com/)
"Ovid" on http://www.perlmonks.org/
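
A check for the shadow-password question raised in the reply above, as an added example that is not part of the original messages: it reads passwd(5)-format lines and reports accounts whose password field holds a hash or is empty instead of the shadow placeholder `x`. The sample accounts and hash strings are constructed, and the function names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Classify the password field (2nd colon-separated field) of a passwd(5) line.
sub classify_field {
    my ($pw) = @_;
    return 'shadowed'    if $pw eq 'x';       # real hash lives in /etc/shadow
    return 'no-password' if $pw eq '';        # account has an empty password field
    return 'locked'      if $pw =~ /^[*!]/;   # login disabled
    return 'md5-crypt'   if $pw =~ /^\$1\$/;  # $1$ prefix marks MD5-crypt
    return 'des-crypt'   if $pw =~ m{^[./0-9A-Za-z]{13}$};  # traditional crypt(3)
    return 'other-hash';
}

# Return [line number, user, finding] for every entry that is not shadowed/locked.
sub audit_passwd {
    my ($fh) = @_;
    my @findings;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;       # skip comments and blank lines
        my @f = split /:/, $line, -1;         # -1 keeps empty trailing fields
        if (@f != 7) { push @findings, [ $., '?', 'malformed' ]; next; }
        my $kind = classify_field($f[1]);
        push @findings, [ $., $f[0], $kind ]
            unless $kind eq 'shadowed' || $kind eq 'locked';
    }
    return @findings;
}

# Constructed sample input; pass a file name as the first argument to audit a real file.
my $sample = <<'END';
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:$1$CONSTRUC$0000000000000000000000:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
carol:AAconstructed:1002:1002:Carol:/home/carol:/bin/bash
END

open my $fh, '<', (@ARGV ? $ARGV[0] : \$sample) or die "open: $!";
printf "line %d: %-8s %s\n", @$_ for audit_passwd($fh);
close $fh;
```

On the constructed sample this reports alice (md5-crypt), bob (no-password) and carol (des-crypt); on a system using shadow passwords it should print nothing.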
