No suggestions on security from your end, but the scripts do allow (it's
possible) for the password to be sent along with the order.
Charles Daminato
OpenSRS Product Manager
Tucows Inc. - chuck@tucows.com
> -----Original Message-----
> From: owner-discuss-list@opensrs.org
> [mailto:owner-discuss-list@opensrs.org]On Behalf Of Tom Brown
> Sent: March 6, 2002 1:46 AM
> To: discuss-list@opensrs.org
> Subject: Re: Two Questions..
>
>
> On Tue, 5 Mar 2002, Charles Daminato wrote:
>
> > 1) Only if you're listed as the Admin contact, and the customer
> agrees to
> > allow you have control of the domain (and agrees to have you listed as
> > Admin contact) This is the only way you can get the login information,
> > and your registrant must agree (and it must be clear that this is what
> > you're doing)
> >
> > 2) The email does not, by default, send out username/password
> > information. You can alter this script if you wish, but it's advisable
> > that you ensure there are security measures in place that you're not
> > sending this information to the wrong spot.
>
> ?? any suggestions on such "measures" Chuck?
>
> If someone enters the wrong admin contact, then telling them (the wrong
> e-mail address) that they just registered a domain name isn't much
> different than e-mailing them the domain password if you have 'send
> password to admin contact' enabled in manage.cgi is it?
>
> So much of our tech support comes from out of date e-mail
> addresses, that it makes sense to get the password into their
> in-box _immediately_ ... in our case it's combined with the
> receipt if the billing contact and admin contact are the same
> address....
>
> If we've done something bad, I need to know so we can fix it :-)
>
> ----------------------------------------------------------------------
> tbrown@BareMetal.com | Courage is doing what you're afraid to do.
> http://BareMetal.com/ | There can be no courage unless you're scared.
> | - Eddie Rickenbacker
>
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:37:05 EDT