
Re: [cobalt-users] CGI Script Question



> Zeffie wrote:
>
> > To me this is a security problem.  If I know the usernames on a unix box
> > then I'm half way in.  All I need to do is guess the passwd or automate it
> > to try lists of passwords. To me there is nothing in a username besides 3
> > things to write down.  The site, username, and passwd.  Each domain can have
> > its own alias for a user even if bob's username is 12jj532 he can still get
> > mail addressed to bob@xxxxxxxxxxx
>
> I'm glad to see that we agree, Zeffie (and please refrain from
> complaining about my "I agree" post until you finish reading <smile>).

LOL

> to be "http://users.isp.com/~username/" rather than
> "http://users.isp.com/~12jj532.
>
> "~" is probably okay in the long run) "http://users.isp.com/username/"

I did think of one thing I could add.  If you set up a cron job to copy the
password file and strip out everything but the usernames you could then use
that file to do lookups on.  Still don't like it but hey it's your box.

Also on the ~username desire
on my raq2 I just

[admin somewhere]$ cd /home/sites/home/users
[admin users]$ mkdir nonuser
[admin users]$ mkdir nonuser/web

And it works... Done deal... You still get my stupid username..... so
there.....

Zeffie
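
The cron-job idea in the message above, as an added example that is not part of the original post: a shell function that writes a usernames-only lookup file so a CGI script never has to read the password file itself. The function name, the UID cutoff of 500, the output file mode and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a usernames-only lookup file from a passwd-format file.
# Assumptions (not from the post): function name, MIN_UID cutoff, file mode.

# build_user_list SRC DEST [MIN_UID]
# Writes one username per line to DEST; UIDs, GECOS, homes and shells are dropped.
build_user_list() {
    src=$1
    dest=$2
    min_uid=${3:-500}            # assumed cutoff between system and user accounts

    [ -r "$src" ] || return 1

    # mktemp creates the file with owner-only permissions, next to DEST so
    # the final mv stays on one filesystem and is an atomic rename.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1

    # Field 1 = username, field 3 = UID. Skip comments and malformed lines.
    if awk -F: -v min="$min_uid" \
        '!/^#/ && NF >= 7 && $3 ~ /^[0-9]+$/ && $3 + 0 >= min { print $1 }' \
        "$src" | LC_ALL=C sort -u > "$tmp"
    then
        chmod 644 "$tmp"         # assumed: the CGI user needs read access
        mv -f "$tmp" "$dest"     # readers never see a half-written list
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample input in passwd format (not real accounts).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
httpd:x:15:15:web server:/home/httpd:/bin/false
# a comment line that must be ignored
12jj532:x:501:100:Bob Example:/home/sites/home/users/12jj532:/bin/bash
alice:x:502:100:Alice Example:/home/sites/home/users/alice:/bin/bash
EOF

build_user_list "$demo_dir/passwd" "$demo_dir/usernames" 500
cat "$demo_dir/usernames"
```

The lookup file still discloses every account name to anything that can read it, so it narrows what the CGI can see rather than removing the exposure the thread is arguing about.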