RE: automate sending username and password

Sat, 22 Jul 2000 16:17:35 -0700 

I will put it in place next week, and let you know about it...

Thanks,

Issam

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles
Daminato
Sent: Saturday, July 22, 2000 11:47 PM
To: Issam W. Alameh
Cc: [EMAIL PROTECTED]
Subject: RE: automate sending username and password


Sounds like a fantastic idea :)  If you're confident that your security
model will hold, put it in place.  You only really have access to domains
your own customers have purchased through you - so that's the largest risk
you're taking.

Charles Daminato
OpenSRS Support Manager
[EMAIL PROTECTED]

On Sat, 22 Jul 2000, Issam W. Alameh wrote:

>
> The way I have implemented this is easy, send a secure request to
> https://rr-n1-tor.opensrs.net/~vpop/resellers/index.cgi
>
> read the cookie, and then another request to
>
https://rr-n1-tor.opensrs.net/~vpop/resellers/index.cgi?action=send_password
> &domain=domainname.com
>
> with the saved cookie in the header,
>
> it is very secure, and I have used SSLeay to do the requests.
>
> But what you have mentioned about compromising the email address, can be
> solved by saving locally a challange question and answer,
>
> is this a good idea??
>
> Regards
> Issam
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles
> Daminato
> Sent: Saturday, July 22, 2000 11:33 PM
> To: Issam W. Alameh
> Cc: [EMAIL PROTECTED]
> Subject: RE: automate sending username and password
>
>
> Legal implications are only in place depending on how you implement the
> feature and security you place around it.
>
> Security holes only really come into place if the Admin Contact's email
> address has been comprimised.
>
> Charles Daminato
> OpenSRS Support Manager
> [EMAIL PROTECTED]
>
> On Sat, 22 Jul 2000, Issam W. Alameh wrote:
>
> > Sorry for raising this up, I need some comments.
> >
> > Regards
> > Issam
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Issam W. Alameh
> > Sent: Friday, July 21, 2000 11:27 PM
> > To: [EMAIL PROTECTED]
> > Subject: automate sending username and password
> >
> >
> > hello,
> > can any body tell me if there is any legal implication/ security hole if
I
> > integrate into my site, a script to automate sending username and
password
> > to Admin contact in registered domains?
> >
> > Issam
> >
>
>

Reply via email to