Re: Change Passwd Via Telnet through a Perl WWW Script
On Mon, Jul 29, 2002 at 05:47:09PM +0800, Grahame Bowland wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Mon, 29 Jul 2002 04:44 pm, Dave Swegen wrote:
> > On Mon, Jul 29, 2002 at 03:10:21PM +0800, Grahame Bowland wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > On Sat, 27 Jul 2002 04:31 am, Phillip Hofmeister wrote:
> > > > All,
> > > >
> > > > I have been thinking about making a perl program that will open a
> > > > socket to port 23 on the loopback and converse with login and passwd
> > > > and change a password via a www page. Does anyone have comments about
> > > > security implications of this? Does anyone have any feature requests?
> > > > Does a similar program exist to anyone's knowledge?
> > >
> > > Take a look at poppassd, it's an easy way to do this sort of thing.
> > Judging from the brief look I had at it I fail to see how it is more
> > secure than running a telnet session, as all the data is still passed
> > across the wire unencrypted. Or have I missed something?
> The original question was about connecting over the loopback, so you don't
> really need to worry about encryption. It does abstract things a bit; writing
> a program to do;
> USER username
> PASS password
> NEWPASS newpassword
> is much easier than scripting for a shell over telnet and going through
> expect, and you get defined error codes.
Thanks for the clarification. Though I suspect the truly paranoid would
throw a hissy-fit :)
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com