Re: passwd by WWW

To: debian-security@lists.debian.org
Subject: Re: passwd by WWW
From: Alain Tesio <alain@onesite.org>
Date: Mon, 22 Apr 2002 14:58:36 +0200
Message-id: <[🔎] 20020422145836.7e148640.alain@onesite.org>
In-reply-to: <[🔎] 20020422123553.GD19506@ids.org.au>
References: <[🔎] Pine.GSO.4.44.0204221137560.28881-100000@student.uci.agh.edu.pl> <[🔎] 20020422123553.GD19506@ids.org.au>

On Mon, 22 Apr 2002 22:35:53 +1000
Ian Cumming <ian@ids.org.au> wrote:

> 
> Marcin,
> 
> I've come across this problem too. I think i searched freshmeat.net, and
> found a few scripts which did the trick - however I wasn't confident
> enough to put them into place.
> 
> Is www a priority? You could write a simple perl script which securely
> launched passwd, and set the script to be the user's shell. This is what
> I do on my server.
> 
> rgds,
> Ian.
> 
> ps: if anyone *does* have a good cgi for changing passwords, please send
> it to me :)

Have a look at cgipasswd on freshmeat.net
You need a suid cgi script, it's important to filter the form inputs
against a list of valid characters.

Alain


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: passwd by WWW
  - From: Marcin Bednarz <mbednarz@student.uci.agh.edu.pl>

References:
- passwd by WWW
  - From: Marcin Bednarz <mbednarz@student.uci.agh.edu.pl>
- Re: passwd by WWW
  - From: Ian Cumming <ian@ids.org.au>

Prev by Date: Re: passwd by WWW
Next by Date: RE: what is means ? + rootkits..
Previous by thread: Re: passwd by WWW
Next by thread: Re: passwd by WWW
Index(es):
- Date
- Thread