I hadn't actually considered using the actual /etc/passwd passwords for
users. My idea was that each user would specify a password in a fill-out
form when registering for access to the restricted part of the Web. Dennis
is right though, it's inherently no more insecure to use actual account
passwords.

The only difference lies in the possible consequences of password
interception. If someone finds out your password for accessing restricted
web pages, it's not really a huge problem. If someone finds out your shell
account password, that could well have more serious ramifications. But
since, as Dennis says, passwords are normally sent unencrypted when
establishing a telnet session anyway, why not use users' shell account
passwords? That would make things a lot easier to manage on the server
side. There would be no need to handle registrations at all.

later,
Brad.

---
Bradley Hughes, Webmaster
brad@nospam.arrakis.com.au
Arrakis Internet Services
http://www.arrakis.com.au/
Ph: + 61 2 310 7500
Without action, ideas are nothing.
-----------------------------------------------------------------
'Filthy Art: Graffiti, Grunge and the Net' can be found at:
http://www.arrakis.com.au/content/magazine/brereton/graffiti/