On Fri, Oct 27, 2000 at 10:43:58AM +0800, Philip Tong wrote:
>What is a good method to allow users to have their mail password changed
>using a Web Browser?
The recent versions of "passwd" on Linux have the ability to change the
password by piping the password in. This means that changing the system
password of a user can be done fairly easily by program.
>What are the security issues that I need to look into?
The typical CGI-sorts of issues you'll need to check for. You know,
like if the user name entered is "jafo;rm -rf /", you probably don't
want to do: system("su root -c 'passwd %s'" % userName)...
Sean
--
"Isn't having a smoking section in a restaurant kind of like having a
peeing section in a swimming pool?" -- David Broadfoot
Sean Reifschneider, Inimitably Superfluous <[EMAIL PROTECTED]>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python