This is in reply to both Stefan and Richard,
I gave it some brief thought in the past, but brushed it off as "not as convenient". However, rethinking about it, it may actually be more secure. Hmmmm, darn it, now you have me thinking again. Security is a big concern for me. As it is now, the web user has the ability to sudo. But that user can only sudo to one other user, who is limited, and can only run 2 commands as that user. Sooo... while the web user is certainly limited, and the PHP script will be outside of the document root of the web server, and access to that script will be through an include on an SSL connection, there could still be something that I am not thinking of. Adding the people to a database first and having a script run by cron (or some other trigger) running on ServerB that accesses the database that is on ServerA would be a nice firewall and the web user would not need any access rights or the need to sudo. Ok, I am going to break this down and rethink my strategy. Thanks to everyone. Richard, I consider myself a highly security conscious person, but you are making me think more like a criminal, and that is good. Security is very important.
I will post back with my results.
Thanks, -- Jonathan Duncan http://www.nacnud.com
On Fri, 3 Dec 2004, Stefan wrote:
Hi!
Have you thougt of writing the userdata to a database and running a perl script by cron to do the rest? This would be an interesting opinion for security purpose.
Stefan
-----Ursprüngliche Nachricht----- Von: Jonathan Duncan [mailto:jonathan@xxxxxxxxxx] Gesendet: Freitag, 3. Dezember 2004 18:55 An: php-general@xxxxxxxxxxxxx Betreff: Re: Page that checks if a user exists on a remote system
Christophe,
I see where you are coming from with that, but the purpose of this script is to remove me from the picture completely. I want someone to be able to come sign up on my site and automatically be added as a mail user and other things so that I do not need to do that kind of thing.
I am looking to do like Hotmail, or Yahoo!, or Mail.com, or any of the other places do. I can go sign up on their site and immediately have an e-mail account that I can start using. No admin has to take the time to create my account for me.
Does that make sense? Does that explain better why I am trying to do this? Has not anyone else wanted that functionality also?
Thank you, Jonathan Duncan
On Fri, 3 Dec 2004, Christophe Chisogne wrote:
Jonathan Duncan wrote:systemI will also be doing a remote command to add a user to the remote(ServerB) from the same PHP script.
If you want to manage a server via web interface, dont reinvent the wheel. Use webmin, by example.
Webmin runs a mini "webserver" as root (on port 10000), and uses modules for managing users, proftp, apache, etc
Of course, I dont know what you want to do.
Christophe
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
