Linux password security

My company has decided to start selling our software products online.
We have hired a company to handle the shopping cart functionality.
Our products are for heterogeneous Unix/Linux environments so there
can be up to a dozen different installation files required depending
on the customer's mix of operating systems.  Therefore, we cannot
offer an instant download and will need to redirect the customer to
our website to download the desired files.  One of the requirements is
that I password protect the download area, and change the passwords on
a frequent basis. Because we host our website on a Linux box, the
typical protection method is usually .htaccess and .htpassword files.

The problem is this method is manual and tedious having to create new
passwords, update the .htpassword file, update the shopping cart
confirmation page and confirmation email every month.  I am in need of
a more automated process.  Any suggestions?

Re: Linux password security

On 2009-01-21, silverbob wrote:

   A shell script and a cron job.

   Chris F.A. Johnson                      <
   Shell Scripting Recipes: A Problem-Solution Approach (2005, Apress)

Re: Linux password security

silverbob wrote:

You can change the .htpassword file from a script too. My very simple solution in Perl
(part of code):

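my $newuser = 'silverbob';
my $newpassword = 'test';
# -b: take the password from the command line; -m: MD5 hash
my @parms = ('-b', '-m', '/path/to/file/.htpassword', $newuser, $newpassword);
my $response = system('htpasswd', @parms);
# system() returns the wait status; non-zero means htpasswd failed
if ((0xffff & $response) != 0) {
    print "Can't change .htpassword file\n";
}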

You can change the -m parameter to -d if you prefer CRYPT instead of MD5 encryption.

Petr Vileta, Czech republic
(My server rejects all messages from Yahoo and Hotmail.
Send me your mail from another non-spammer site please.)
Please reply to <petr AT practisoft DOT cz>

Re: Linux password security


This is a good start, but I would still need to edit the script to
insert a new password.  Then, I may as well just update
the .htpassword file too.  Ideally, I'm looking for a bit more
automation.  Maybe some sort of random password generator to change
the "my $newpassword" value.  Then, I would need some notification
back to me that the password was changed and to what.  That should be
fairly easy via email.  The final step would be updating the shopping
cart confirmation page with the new password.  This cart is not on our
server, so again looks like I'm stuck with a manual operation.

- Bob
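
One way to automate the rotation discussed in this thread, as an added example that is not code from any of the posters: a shell function for a monthly cron job that generates a random password and swaps it into the password file. The names `HTPASSWD_FILE`, `gen_password` and `rotate_password` are assumptions, and `-i` and `-B` require the `htpasswd` shipped with Apache 2.4.

```shell
#!/bin/sh
# Added example: rotate one Basic-auth password from cron.
# HTPASSWD_FILE, gen_password and rotate_password are assumed names.
HTPASSWD_FILE="${HTPASSWD_FILE:-/path/to/file/.htpassword}"

# Print a random alphanumeric password of length $1 (default 16).
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-16}"
}

# Set a fresh password for user $1 in $HTPASSWD_FILE and print it.
rotate_password() {
    user=$1
    pass=$(gen_password 16) || return 1
    # Temp file in the same directory, so the final mv is an atomic rename.
    tmp=$(mktemp "${HTPASSWD_FILE}.XXXXXX") || return 1
    # Work on a copy so a failed run leaves the live file untouched.
    cp -p "$HTPASSWD_FILE" "$tmp" || { rm -f "$tmp"; return 1; }
    # -i reads the password from stdin, so it never appears in the
    # process list (unlike -b); -B stores a bcrypt hash instead of MD5.
    if printf '%s\n' "$pass" | htpasswd -i -B "$tmp" "$user" >/dev/null 2>&1
    then
        mv "$tmp" "$HTPASSWD_FILE" && printf '%s\n' "$pass"
    else
        rm -f "$tmp"
        echo "Can't change $HTPASSWD_FILE" >&2
        return 1
    fi
}

# When run as a script with a user name, rotate that user's password.
# Under cron, the printed password is mailed to the MAILTO address.
if [ "$#" -ge 1 ]; then
    rotate_password "$1"
fi
```
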
