[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] How can I add a user from a public form
- Subject: Re: [cobalt-users] How can I add a user from a public form
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Wed Jun 20 21:27:04 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Thu, 21 Jun 2001, Clive Harper wrote:
> Once of our customer wants to provide a form on his website to allow users
> to signup for e-mail addresses at their domain e.g. userx@xxxxxxxxxx
>
> They do not want to use the siteadmin GUI interface for this as they want
> the user to fill in a web form and submit the details to a CGI script which
> adds the user automatically.
>
> I have produced a script (mail me if you want to see it) which takes the
> input from a form and passes the details to the site_user_add function in
> Cobalt::User but I can only get the script to run successfully if I put it
> in the /cgi-bin/.cobalt/ folder.
>
> The problem is that this is a protected folder and therefore needs logon
> details to access the CGI script, I can pass the logon details in the form's
> post method e.g. http://user:pass@xxxxxxxxx/cgi-bin/.cobalt/useradd.cgi but
> this means that the username and password are clearly visible in the address
> bar of the browser.
>
> Does anyone have a way of allowing public users to create their own account
> on a RAQ without the site admin having to create it manually in the GUI?
>
> Any responses appreciated.
You can chown +s the script after changing the owner to root, and just
puit it in a nonprotected space (the website, for instance)
Note - unless you're know what you're doing (make sure no buffer overflows
can happen etc) - this can be VERY VERY unsecure.
- shimi.