Allow me to reply to myself- what I suggested would be a security hole if anyone could put up a form that submitted to your CGI and allowed them to create an account with any group membership they put in a hidden variable. Maybe there could be a conf file (or DB table) which lists allowed referer URLS to use the special "set default group" function of adduser.pl- then you could put localhost, or
www.wwwthreads.com, or even
www.wwwthreads.com/path/to/my/form.html and get some really fine-grained control over it. Or maybe someone else has a better method to make sure this does not get abused.
