Updating Unix And Linux Passwords Via The Web Browser

Dec 16, 2008, 04:32 (0 Talkback[s])
(Other stories by Mike Tremell)

[ Thanks to Mike Golvach for this link. ]

"Now, we'll go on record right away (admittedly, this is the second paragraph, so we're lagging behind already ;) by stating that we do not specifically endorse this method of password changing. It's very convenient (for users both trustworthy and malicious) and does the job, but, use of this script in a secure environment (or any environment that requires protection) is not recommended. Not only does this script open up many potential security holes by allowing access to system commands (albeit via another script that gets called, so it's not "unbelievably" easy to misuse), it will almost guarantee that you won't get your Sarbanes Oxley compliance certificate :) That being said, if you have a small internal net (quarantined from production and other environments) this can be a handy way to do your updates. In the worst case, you can just forego the "web experience" and do your mass password updates using Expect (or any other tool) from the CLI."

Complete Story

Related Stories:

• Work Imitates Life On Unix or Linux - Some Surrealism For A Change(Dec 14, 2008)
• Unix And Linux Factoids - Your Time To Live Is Gonna Come(Dec 12, 2008)
• Why DU And DF Display Different Values On Linux And Unix(Dec 11, 2008)
• Unix And Linux PDF Telnet Curiosity - When HTTP Error Pages Don't Attack!(Dec 10, 2008)
• Linux And Unix Internet User And Site Security - How Much Is Too Much?(Dec 09, 2008)
• Unix and Linux Horror Stories And Actual Help(Dec 08, 2008)
• Unix - System VI Release Notes - More Linux and Unix Humor(Dec 06, 2008)