Hi all,
I have a small CGI script here that is used to change users Unix
passwords. Now before we go into security let me just tell you that the
script is only accessable via a user name and password. The script is
also only accessable on an internal network and the every character in
each parameter is checked.
Now that I have mentioned that I was hoping for some input in how I
would go about this. I suppose I could do something like this...
$password = param('new_passoword'); #Taint check
$confirm_pasword = param('confirm_password'); #Taint check
#I was now thinking of doing some system calls here. I.e...
if ($password ne $confirm_password) {
print "Sorry passwords do not match";
} else {
system("passwd $username $password");
system("$password");
system("$password");
print "Password changed!\n";
}
but... as the code shows those system commands will not work because it
looks look after each system command it ends. Therefore my question
is...
How can I insert the New Unix Password through a CGI script?
Regards,
Dan
==============================
VINTEK CONSULTING PTY LTD
(ACN 088 825 209)
Email: [EMAIL PROTECTED]
WWW: http://www.vintek.net
Tel: (08) 8523 5035
Fax: (08) 8523 2104
Snail: P.O. Box 312
Gawler SA 5118
==============================
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
