From: Scott M. <sco...@ya...> - 2002-06-03 13:02:47
|
Hiyas, Is there a more secure version of the password change module? I am workin on restricting it down (disallow you to change root password, only change password of unlocked users or those with a specific '*expired*' keyword), and noticed that the security checks are not too tight. Namely, save_passwd.cgi does not seem to do the same validation for password change rights as the other modules. -Scott __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com |