#############################################################
##                                                         ##
## Procmail RC Webmin -- README                            ##
## Copyright (c) 2001 The University of Vermont            ##
## Written: June 19, 2001                                  ##
## By James Flemer <jflemer@acm.jhu.edu>                   ##
##                 <jflemer@zoo.uvm.edu>                   ##
##                                                         ##
## Please see the LICENSE file for licensing requirements. ##
##                                                         ##
#############################################################
# $Id: README,v 1.4 2001/11/06 19:27:52 jflemer Exp $
#############################################################

Please see the LICENSE file for licensing requirements.

This is a basic web interface to creating and editing
Procmail recipes. In order to run it on your site some
changes will probably be needed.

Firstly, the script expects to find the username of the RC
file to edit in the REMOTE_USER environment variable. This
should be set by Apache when using some Authentication
method. The file to be edited is determined from this
variable in the section "CGI Main" (at or around line
1350). You should edit this line to make sure the script
knows where to find the appropriate RC file.

Secondly, the script expects to be able to read, write, and
truncate the RC file. This is a big security issue. There
is no sanity checking on the REMOTE_USER environment
variable, and so a user could potentially read or write
virtually any file (with the credentials of the executing
process)! The script was designed to be used in a DCE/DFS
environment where the the REMOTE_USER has a set of DCE
credentials, and those allow the CGI to read and write that
users files. In a non-DCE environment (i.e. your
environment), some other means must be used to give the CGI
sufficient rights to edit the RC file, and sanity check the
REMOTE_USER.

Please contribute any changes and/or additions you make
back to the Procmail community.
