Jeff wrote:
>
> Now, all a customer would need to do is:
> - register a name and not provide a profile username/password (gets assigned
> to my default profile)
Like we do for our clients. If they want it, we give it to them. If they
don't ask for it, we manage it for them.
About holding the domain "hostage" when waiting for payment. If the
client has not paid us for the domain, then technically, we still own the
lease to it. Our money was used to purchase the lease and we have not
been compensated. It would seem to me that this isn't even approaching
gray areas.
Kinda like this: I buy items on the promise I will pay them for it. I
leave the store without paying, as that is the arrangement. A month
later, I refuse to pay them for the items. They come and reposses the
items. Should I be surprised? No. Should I be offended? No. Should I
have the right to those items? No way! I never paid for them -- why
should I reap the benefits? Hint: I shouldn't!
> - contact us/Opensrs and get the password sent to them,
Actually, according to what I've been able to discern from OpenSRS
documentation, they would only send the password if they were unable to
contact the RSP.
It is the RSP's job to ensure the customer is happy -- if the customer
calls OpenSRS, OpenSRS will contact the RSP and attempt to work things out
there. This would mean the RSP could resolve the issue w/o disclosing the
information necessary.
I agree with Kai and a few other on this list -- a lot of our clients
don't know the difference between their domain and their mouse. It's all
Esperanto to them, and the only thing they can associate with for the
transfer to OpenSRS is "it will save you ~$50/year..."
> - customer now has access to ALL domain names within that profile..
Not if you're smart about it.
> Now, I don't think that is good security..
The only fallacy in your problem comes with incompetant human help. The
user cannot request the user/pass combo from anyone outside of your
organization, and anyone inside your organization shouldn't allow this to
happen.
> It would make us look like NSI..
Come now, I can't imagine *anyone* could look *that* bad!
> Think of the implications for a company that has thousands of separate
> individual customers..
Then they don't implement the change. Seems straightforward enough to me.
-kb
--
Kris Benson
ABC Communications
+1 (250)612-5270 x14
+1 (888)235-1174 x14
