I want to provide a web page to allow users to update their password.
The Apache is running on Solaris(unix).
The web site is protected by access.conf, .htaccess., htpasswd with
In CGI(perl), we want to use "htpasswd" utility to generate the
username and password store them in a file called "users".
The following is what I tested:
The file "users" must be group writable to allow Perl CGI to
call "htpasswd..." to change the password. There is a bad side -
UNIX command line, any group user can manually call "htpasswd..."
change someone else's password.
Is it possible to call "htpasswd..." in CGI while the file storing
password pairs is writable only to administrator or specific person?