On Mon, 29 Oct 2001 11:15:19 +1030
"Daniel Falkenberg" <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I have a small CGI script here that is used to change users Unix
> passwords. Now before we go into security let me just tell you that the
> script is only accessable via a user name and password. The script is
> also only accessable on an internal network and the every character in
> each parameter is checked.
>
> Now that I have mentioned that I was hoping for some input in how I
> would go about this. I suppose I could do something like this...
>
> $password = param('new_passoword'); #Taint check
> $confirm_pasword = param('confirm_password'); #Taint check
>
> #I was now thinking of doing some system calls here. I.e...
>
> if ($password ne $confirm_password) {
> print "Sorry passwords do not match";
> } else {
> system("passwd $username $password");
> system("$password");
> system("$password");
or u could try this instead: "echo $PASSWORD | passwd --stdin"
> print "Password changed!\n";
> }
>
> but... as the code shows those system commands will not work because it
> looks look after each system command it ends. Therefore my question
> is...
>
> How can I insert the New Unix Password through a CGI script?
>
> Regards,
>
> Dan
>
> ==============================
> VINTEK CONSULTING PTY LTD
> (ACN 088 825 209)
> Email: [EMAIL PROTECTED]
> WWW: http://www.vintek.net
> Tel: (08) 8523 5035
> Fax: (08) 8523 2104
> Snail: P.O. Box 312
> Gawler SA 5118
> ==============================
>
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
