For legal reasons we do log these things locally. It's an interesting
enhancement that I will take into consideration. There's a relatively
simple patch to log ALL XML transactions if you're interested. Place this
in XML_Client.pm
# Read the length of this input.
$buf = $self->{_OPS}->read_data( $self->{_fh} );
+
+ open(XML_LOG, ">>c:/temp/opensrs_xml.log") && do {
+ print XML_LOG scalar localtime, "\n", $buf, "\n\n";
+ close XML_LOG;
+ };
$buf = ($self->{_cipher}) ? $self->{_cipher}->decrypt($buf) : $buf;
Charles Daminato
OpenSRS Product Manager
Tucows Inc. - chuck@tucows.com
-----Original Message-----
From: owner-discuss-list@opensrs.org
[mailto:owner-discuss-list@opensrs.org]On Behalf Of Pflege@aol.com
Sent: May 13, 2002 1:43 PM
To: discuss-list@opensrs.org
Subject: Re: Access controls in RWI
For example, only give query/renew
capability to your Support crew, only give payment capabilities to your
finance folks, only give "messaging and crypt key" access to your
technical
crew.
For legal reasons I would at least prefere to restrict
- lock/unlock(!)
- renew
- transfer(!)
with other word all the domain management
and there should be a log file showing which
action was taken by which authorized person
(perhaps you might just add an additional column to your
already existing log files with the 'subuser name')
Personally I do not care much about the other things
like payment, messaging, ...
But if somebody unlocks a domain and if the domain
will be 'stolen', this might have big legal/financial consequences.
Matthias
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:37:14 EDT