On 1 Jun 2006, [EMAIL PROTECTED] wrote:

> Let me clarify a bit more what I need to do. We want to use $USER
> to verify a valid user before running the program, so this is very
> unlikely to go on the web or have a web interface.

You can tie web-based authentication to an external user database (e.g. LDAP/Active Directory/the PAM stack). It can have its own authentication database. This is as secure as relying on the Unix login process, if configured properly. Just run over HTTPS to prevent snooping.

The Unix login process can be subverted by sudo (not to mention that $USER can be set to anything, as others pointed out). You should always request a password if security is a concern. Don't trust the UID or environment.

In a web environment, a lot of this security is readily available in pre-packaged applications. Of course, you could consider something like MARS. I know Merrimack College and a few others use it and it works well.

It sounds like you're set on writing this in text mode, but I hope the suggestions help, especially that you should always ask for a password.

Ted

_______________________________________________
Boston-pm mailing list
[email protected]
http://mail.pm.org/mailman/listinfo/boston-pm
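The contrast the message draws, as an added example that is not part of the original post: a gate that trusts `$USER` next to one that asks for a password and checks it against the program's own authentication database. It is written in Python; `USER_DB`, `env_gate`, `password_gate`, `make_record`, the PBKDF2 work factor and the sample account are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def make_record(password, salt=None):
    """Return (salt, derived_key) as stored in the program's own user database."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


# Constructed sample database: username -> (salt, PBKDF2-HMAC-SHA256 key).
USER_DB = {"alice": make_record("correct horse battery staple")}


def env_gate(environ):
    """Weak check: accepts whatever name the caller placed in $USER."""
    return environ.get("USER") in USER_DB


def password_gate(username, password):
    """Check a password instead of trusting the environment or the UID."""
    known = username in USER_DB
    # Unknown users still go through the full derivation with a dummy record,
    # so the response time does not reveal which usernames exist.
    salt, expected = USER_DB.get(username, (b"\0" * 16, b"\0" * 32))
    _, candidate = make_record(password, salt)
    return hmac.compare_digest(candidate, expected) and known


if __name__ == "__main__":
    import getpass

    # The caller controls its own environment, so this says nothing about identity.
    print("env_gate on os.environ:", env_gate(os.environ))
    name = input("Username: ")
    ok = password_gate(name, getpass.getpass("Password: "))
    print("authenticated" if ok else "denied")
```
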

