At 5/21/03 5:41 PM, Jim McAtee wrote:
>I can't imagine how an OpenSRS reseller with thousands
>of domains in thousands of profiles would deal with something as seemingly
>simple as changing the technical contact email address or phone number.
Many larger OpenSRS resellers keep a copy of the customer's username and
password. This just requires the addition of a couple of lines to
reg_system.cgi and manage.cgi.
Since that can lead to security problems and out-of-sync issues, some
clever resellers go further and modify the OpenSRS code to use a "shim"
password: when the customer types in a password, the reseller's system
verifies that password in their own database, then uses a different
username/password (which was originally randomly generated by the
reseller) to make the OpenSRS connection.
A shim system allows the reseller to connect to OpenSRS to make changes
without any risk of compromising the customer's original password (which
could be stored as an MD5 hash instead of plaintext; as far as I'm
concerned I don't want to ever know or store people's real passwords).
Resellers using such a scheme can also do their own "lost password"
management, limit logins to their own system, offer a single password for
hosting and domain management, and so forth.
>Here's a closely related subject... Why not give OpenSRS resellers complete
>access to all contact and name server information for the domains they've
>sold?
If you write to your OpenSRS sales person and sign a contract, you can
get access to the login information for (almost all of) your customers'
domains. With that, you could then write a fairly simple script to update
the tech support information (or whatever) for all of them.
-- Robert L Mathews, Tiger TechnologiesA: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:37:43 EDT