procmail

Re: Slightly OT: How to let users change settings without logging in

2002-02-14 10:58:39

On Thu, 14 Feb 2002, Edward Wildgoose wrote:

> I have seen this done using a small C program which runs SUID, does a chmod
> and chgroup to the correct user and then writes the data.  Is this a good
> idea..?

This is probably your best bet -- have some web form that submits to this
setuid tool which generates the procmailrc in the right place, with the right
ownership/permissions.  Just be very careful about how you trust data from the
form.  i.e. not only will you have to carefully scrub the data but you've got
to incorporate some sort of authentication of the user as well.

I've got something analogous running on my own site which virtual domain
customers use to manage their email addresses, and find it works quite well.

> In all this we must assume non-technically literate users with a small
> patience threshold.  They will not be changing these variables very often so
> they will have forgotten how to do it when they need to, hence web ideas are
> mostly appreciated.

If you're not dealing with savvy netizens (e.g. people who were subscribing to
mailing lists long before there were web interfaces) then forget about
submitting changes via email.  Ignoring for the moment that it can't ever
really be done securely (well, unless you want to get into gpg signatures or
something), it's beyond the skills of most pointy-clicky users.

----------------------------------------------------------------------
``Teach the harlot's child to smile.''
    --  Natalie Merchant, "Thick As Thieves"
