
List:       freebsd-security
Subject:    Re: getting passwored data via a perl cgi
From:       "Willem Jan Withagen" <wjw () iae ! nl>
Date:       1999-08-23 20:17:30

I did it the other way around:
    I wrote an Apache security module which takes usercode/password and then
    verifies it at the POP-port.
If you don't want POP outside the box, use tcpwrappers or a firewall to hide
them.

The advantage is that this code is very unlikely to be stored in a
cache/proxy, whilst I've found plenty of "pages" in many Win'95/OS2 caches
containing usercode/password combinations.
--WjW

PS: code is available, but RAW

-----Original Message-----
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: freebsd-security@freebsd.org <freebsd-security@freebsd.org>
Date: Sunday 22 August 1999 23:00
Subject: Re: getting passwored data via a perl cgi


>According to Colin Eric Johnson:
>> Is there a way to allow other users access to complete password database?
>> I understand, basically, why this is restricted but I'm not sure how else
>> to solve this given FreeBSD's restrictions.
>
>Either you make it setuid root or you whip up a daemon that runs as root and
>make your script discuss with the daemon. The daemon could cache entries for
>example (although pwd lookups should be fast thanks to the DB files).
>--
>Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
>FreeBSD keltia.freenix.fr 4.0-CURRENT #73: Sat Jul 31 15:36:05 CEST 1999
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
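
The check described in the reply above (hand the usercode/password to the POP port instead of reading the password database), as an added example that is not the module mentioned in the post nor code from this thread. `pop3_verify`, `StubPOP3`, `start_stub` and the sample account are made up for illustration; POP3 USER/PASS travels in cleartext, so the default target is loopback.

```python
import poplib
import socketserver
import threading

def pop3_verify(user, password, host="127.0.0.1", port=110, timeout=5):
    """Return True only if the POP3 server accepts user/password."""
    # Reject control characters: a CR/LF in either field would inject
    # extra commands into the POP3 dialogue.
    if not user or any(ord(c) < 0x20 or ord(c) == 0x7F for c in user + password):
        return False
    try:
        conn = poplib.POP3(host, port, timeout=timeout)
    except (OSError, poplib.error_proto):
        return False  # fail closed when the POP service is unreachable
    try:
        conn.user(user)
        conn.pass_(password)  # raises error_proto on "-ERR"
        return True
    except (OSError, poplib.error_proto):
        return False
    finally:
        try:
            conn.quit()
        except (OSError, poplib.error_proto):
            conn.close()

class StubPOP3(socketserver.StreamRequestHandler):
    """Constructed stand-in for a POP3 daemon with one made-up account."""
    ACCOUNTS = {"alice": "correct horse"}

    def handle(self):
        self.wfile.write(b"+OK stub ready\r\n")
        user = None
        for raw in self.rfile:
            verb, _, arg = raw.decode("utf-8", "replace").rstrip("\r\n").partition(" ")
            if verb.upper() == "QUIT":
                self.wfile.write(b"+OK bye\r\n")
                return
            if verb.upper() == "USER":
                user, ok = arg, True
            else:  # PASS succeeds only for a known user; all else is -ERR
                ok = verb.upper() == "PASS" and user is not None and self.ACCOUNTS.get(user) == arg
            self.wfile.write(b"+OK\r\n" if ok else b"-ERR\r\n")

def start_stub():
    """Start the stub on an ephemeral loopback port; return (server, port)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), StubPOP3)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]
```

The web process only learns accept or reject, so it needs no read access to the password database.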
