|
Just an observation, but it seems to me that the
renew.cgi script should only be accessible to the RSP who owns the script. That
is, one of my management tools, and NEVER available to the public/clients. Much
like 'register.cgi'.
In the short term anyway. I'm not too sure what the
mechanism is that controls just who can approve a renewal, other than the
obvious. If the domain was registered through my service, then 'renewal' through
my 'renewal' interface will work appropriately. As the data is in my reseller
area.
If the domain is relocated to another reseller, the
data is moved to their reseller area one presumes. Any attempt to 'renew'
through my interface will result in a failure, as the domain cant be found in my
area. A renewal throught the new resleere's area would succeed, with charges
being placed appropriately?
If people are doing the dirty and renewing periods
illegally - surely the script can be modified so that every renewal sends a
message to BOTH the domain owner, and the Reseller under wholm the domain is
still registered. That way, if I get a message saying the Fred Dodgey added 5
years to his renewal for dodgeybrothers.com, and upon checking find that it is a
bogus transaction - then appropriate steps can be taken. Perhaps the script can
be set up so years can actually be subtracted !!! Of course that doesn't
stop the porblem with billing, but again I see that as fairly straight forward.
Fraud is easily dealt with.
So in the short term - I'd say keep it in a
restricted management area? sounds reasonable to me...
Bob
|
