> Go register a domain at NetSol and then chargeback your credit card. You
> will see what will happen. There is NOWAY ON EARTH that you will be able
> to use those domains unless you FULLY pay for them. Are we able to
> enforce the same rules? NO. You seem to miss this whole point!!! My
> point here was that since "WE" paid for it, "WE" should own it... simply
> put it you pay for it , it is yours. What part of that is
> unreasonable???
I see what you mean and I do agree that this would be nice (the
ability to make any modification to any domain registered through you),
but I do not expect it. We took this into account when we decided to go
with OpenSRS, the fact that there would be some limitations and additional
rsisk associated with using OpenSRS.
> Most important point to remember is that saving customers' passwords in
> a databse on your system, as they register domains, is worse than saving
> their credit card numbers. A simply security breach can lead into
> thousands of ticked off customers (which consequences wouldbe worse than
> making their credit card numbers public as it hapened with CiHost) and
> the risk with the method you are proposing is unacceptable.
This is silly, the idea that you cannot save certain information
into a database due to security concerns. The problem that occurred in
the incidents you describe above was caused by inadequate protection, not
the presence of the data itself.
> Here you miss the point again. How am I going to save passwords, when I
> don't have access to them and I don't even know what they are??? Have
> you even run the live system yet? When a customer sets a password and
> requests a domain, you as a reseller don't even see the password!
We do not use reg_system.cgi , we developed our own interface
directly into opensrs.pl . This allows us to use our existing internal
domain management system. It's not "stealing" passwords, the customer has
no knowledge of OpenSRS and would assume the password and other
information they are entering will be retained by our system. When we
first looked at OpenSRS we were surprised there was a management interface
at all on their side. I am of the opinion that this should be a client
side issue and left up to the implementing service provider. That is the
point of my diatribe. Although I do agree with you in that, in this case,
I would also hope to be able to make any modification to any domain
without restriction. I would want to feel like a registrar, like I am
connecting right into the NSI registry with all the capabilities therein.
Jeff
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:23 EDT