

Changing Passwords from the Web


One of the most common requests I've seen for a CGI program is for one that allows the Web client to change his/her password. Certainly, it's reasonable to want to be able to do this; unfortunately, it's more complicated and risky than it seems.

Because the httpd is running as the user nobody, and because the passwd file doesn't (or shouldn't) belong to that user, it's a bit of a quandary to have an exec'd CGI program change that file. There are alternatives, however. You can run a secondary server on a different port, under the www userid, whose only purpose would be to execute the CGI program that changes the user's password, for instance. Another alternative might be to implement something with SafeCGIPerl, discussed later, and the HTTPD::UserAdmin module just introduced. Coding it up is left as an exercise for the wary administrator. Be very, very careful.
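
One shape the password-change program could take, as an added example that is not code from this book: it assumes the secondary server protects the script with its own authentication (so REMOTE_USER is set), that the password file is a text file of crypt() hashes, and that the file path and the form field names old, new and new2 are placeholders.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI ();
use HTTPD::UserAdmin ();

# Placeholder path (assumption): text password file owned by the www userid.
my $PASSWD_FILE = '/path/to/conf/.htpasswd';
my $q = CGI->new;

sub finish {    # emit a plain-text response and stop
    my ($status, $msg) = @_;
    print $q->header(-type => 'text/plain', -status => $status), "$msg\n";
    exit 0;
}

finish('405 Method Not Allowed', 'POST only')
    unless ($ENV{REQUEST_METHOD} || '') eq 'POST';

# Identity comes from the server's own authentication, never from a form field.
# The strict pattern also untaints it; a ':' or newline would corrupt the file.
my ($user) = ($ENV{REMOTE_USER} || '') =~ /\A([A-Za-z0-9_.-]{1,32})\z/
    or finish('401 Unauthorized', 'Authentication required');

# Hypothetical form fields: current password, new password, confirmation.
my ($old, $new, $new2) = map { scalar $q->param($_) } qw(old new new2);
finish('400 Bad Request', 'Missing field')
    if grep { !defined($_) || !length($_) } $old, $new, $new2;
finish('400 Bad Request', 'New passwords do not match') if $new ne $new2;
finish('400 Bad Request', 'New password too short')     if length($new) < 8;

my $db = HTTPD::UserAdmin->new(
    DBType => 'Text', DB => $PASSWD_FILE, Server => 'apache',
    Locking => 1, Flags => 'rw',    # lock the file; never create a new one
) or finish('500 Internal Server Error', 'Password database unavailable');

# Require the current password, and answer identically for "no such user"
# and "wrong password" so the form cannot be used to probe for accounts.
# Assumes the stored hashes are ones the system crypt() can verify.
my $stored = $db->password($user);
finish('403 Forbidden', 'Password change refused')
    unless $stored && crypt($old, $stored) eq $stored;

$db->update($user, $new)
    or finish('500 Internal Server Error', 'Update failed');
$db->commit;    # write the text file back to disk
finish('200 OK', 'Password changed');
```

The script changes only the entry of the user the server has already authenticated, so a client can never name someone else's account in the request.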
