I think you may have misunderstood me. I'm not wanting to change any part of TMDA's security model. I was only curious as to how they had handled the setuid in their CGI. I didn't necessarily want the source code, but just a conceptual example. I still plan on using tmda-cgi for my more advanced customers. However, the bulk of my customer base will find tmda-cgi way too complicated to use. Besides, the CGI I put in place had to have a consistent look and feel as compared to our other tools which we provide to our customers. As far as using a non-web based solution, I still offer sender's the oppurtunity to reply to the challenge email and let tmda handle all that as designed.
Walt "Brian" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Thu, Oct 02, 2003 at 12:47:58AM -0400, Walter Wyndroski wrote: > > The tmda-cgi is very impressive. However, a bit to complicated for many of > > my average customers. So I have written a much simplified CGI interface via > > Perl. > > Just about any CGI-based solution will involve modifying the built-in > security of TMDA. You might consider a non-web based solution, such > as an e-mail-based system, that does not require changes to the TMDA > security model. > > I've made a very preliminary start on such a system here: > > http://www.pongonova.net/pub/tmda-ezplm-0.01.tgz > > The advantages over CGI-based solutions are (1) reduced complexity and > (2) no security model changes. Jason and Tim have (I assume) taken > great pains to ensure TMDA remains as secure as possible. Where I've > implemented TMDA, I've chosen to defer to their knowledge in this area > and not attempt to make changes to their security measures. > > --Brian > _____________________________________________ > tmda-users mailing list ([EMAIL PROTECTED]) > http://tmda.net/lists/listinfo/tmda-users > _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
