See, when UNIX, and its standard toolset was developed, people still had a notition of security. At a time when "shoulder surfing" was the most dangerous way of getting your account compromised. No script kiddies with rootkits, or a big bad Internet with network sniffers around then. Not even heard of.
The passwd commands reads its input from /dev/tty.
The notion of allowing people to change their password using a web interface seems to absurd to consider for real. Why? For a brief moment, ignore the horrible security problems it causes. Why would you want to change your password over the web? Either you plan to log in to the system, or you don't. In the latter case, you don't need a password, let alone a new one. In the former case, well, once you are logged in, you can always run the passwd command. Hopefully, you are logged in using a secure channel.
I'm not going to dwell on every script kiddies wet dream - sites allowing users to change passwords over the web. Just this: if you have to ask how to change a password using a (CGI) program, you shouldn't be doing it in the first place. Would you answer a 16 year old intern asking how to perform brain surgery, knowing that (s)he plans to use such information on live patients?
-- Abigail
In reply to Re: How do I encrypt an Unix password?
by Abigail
in thread How do I encrypt an Unix password?
by Anonymous Monk
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |