Actually Re: Does this user exist? was me. Originally I was going to be funny but in my sleep deprived state it wasn't at all. I'm still very, very tired but oh well. If you feel like sending a '--' where it counts then plonk it here. [Update: Oh yeah, the anonymous monk was part of the joke and I was already writing the node when I realized it didn't need to be anonymous anymore.]

The general attitude is similar to that expressed regarding symbolic references. People who ask that sort of question that way are defacto not qualified to write that piece of software. I don't know that I'd be qualified to write that either. The whole idea of having a web accessible user-creation system or really anything at all tied into the system is deep, deep mojo and difficult to get right.

Or put another way - this system is a way of removing several layers of authentication and access control. Many normal system protections are just being completely set aside (by going through this web->cron interface). Doing this right will take some serious meditation and knowledge of the host environment.

Fun Fun Fun in the Fluffy Chair

Hey, thanks for fessing up. You make a good point about security. But I've written "bad" web apps for convenience, myself, so I can't dismiss the question.

We don't know enough about the supplicant's needs to just say "you shouldn't do it". For all we know, (s)he might be writing a script to run on a private subnet, with strong HTTP access controls, just as a convenience for a small group of trusted users. Or it might be a CGI open to the world. I'm all for warning people the gun is loaded, but ultimately they have to make a reasoned choice.

One of the things I like best about this site is that people will tell you you're stupid, explain why what you want is wrong, and then show you how to do it anyway. You neglected part 3. ;-)