There is absolutely nothing to stop a "bad ISP" from rewriting the script
and having it capture all the user names and passwords that anyone uses when
they fill out a domain registration form. The ISP is put in a position of
trust thus it is possible for the ISP to abuse that trust and cause
problems. There is no possible way around this that I can see. This is the
same problem anytime you use your credit card somewhere someone could mess
with the scanner system and dump a copy of the card swipe info to their own
computer and screw with you. In fact there are numerous accounts of gas
stations with pay at the pump that have done exactly this. Even NSI has this
problem, one of their employees in a position of trust could screw with your
domain name and delete it or whatever.
Anytime you put a person or company in a position of trust it is a risk that
they could abuse that trust and cause lots of time and money. It is just a
matter of who do you trust and how far do you trust them.
Tim Jung
System Admin
Internet Gateway Inc.
tjung@igateway.net
----- Original Message -----
From: "Bill Gerrard" <bill@daze.net>
To: "Tim Jung" <tjung@igateway.net>
Cc: < >
Sent: Thursday, January 06, 2000 4:50 PM
Subject: Re: And quick update
> On Thu, 6 Jan 2000, Tim Jung wrote:
> > Unless my understanding of the OpenSRS system is totally off there is no
> > problem here. If you get pissed off with a reseller you can always just
go
> > to another reseller/ISP and then hit their web interface punch in your
> > username and password for the domain and make all the changes. Which is
>
> I thought the reseller username/password *and* domain holder
> username/password were required to access an account, otherwise you could
> have a potential security hole. With all of this talk of bad ISP's, if
> what you say is true, what would stop the other ISP from capturing your
> username/password and then going in and making all kinds of unwanted
> changes to your domain?
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:16 EDT