In a theoretical sense, I agree. But there are also lots of times
where $BIG_COMPANY_MANAGER[1] thinks that all is well because
$MANAGER[2] has the password and vice versa. Only when $ADMIN is gone
do they both realize how wrong they were.
Also, there may also be very strict/tight security. e.g., you never
share $PASSWORD with anyone for any reason because the only person
trusted to do $JOB is $ADMIN. Perhaps not even $MANAGER{$ADMIN} is
trusted for that task for various reasons (no technical know-how,
etc.)
There's a wide variety of causes for the described problem. :-/
Again, not saying I necessarily have a problem with OpenSRS' system,
just a statement about a potential downside to it.
D
At 8:32 PM -0400 8/14/01, Steve Poirier wrote:
>Managers are responsible for employees. It should never happen that only one
>person has the password. Keep them in a safe or anywhere but not just in the
>head of a net admin. If you lose your password because you fire the guy who
>is the password guru, then you have serious management flaws and
>$BIG_COMPANY = 0;
>
>Regards,
>
>Steve
>----- Original Message -----
>From: "Derek Balling" <[EMAIL PROTECTED]>
>To: "Ross Wm. Rader" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>Sent: Tuesday, August 14, 2001 7:54 PM
>Subject: Re: [RE: Transfer Fraud: Who are these losers!!!!]
>
>BIG_COMPANY fires me during YAMROL[1]
>
>$BIG_COMPANY now needs to move their nameservers to new IP's, or
>perform some other maintenance on their domain.
>
>Is it accurate to say that $BIG_COMPANY, even though they're listed
>as the owner, has absolutely no way short of a court order of getting
>it done?
>
>I'm not passing judgement here, I'm just noting that what's being
>described above is VERY tight security, and I'm not sure it is all
>that practical in all cases. It's cool that the "fake fax" won't get
>a xfer moved, but at what cost? *chuckle*
>
>I guess I'm asking "how firm IS that position?"
>
>__
>Steve Poirier
>Project manager
>Inet-Technologies inc.
>
>----- Original Message -----
>From: "Derek Balling" <[EMAIL PROTECTED]>
>To: "Ross Wm. Rader" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>Sent: Tuesday, August 14, 2001 7:54 PM
>Subject: Re: [RE: Transfer Fraud: Who are these losers!!!!]
>
>
>> At 7:25 PM -0400 8/14/01, Ross Wm. Rader wrote:
>> > > > Personally, it doesn't really matter if people are trying to steal
>my
>> >> > domains... just be thankful you're not with NSI where it used to be
>> >(still
>> >> > is?) trivial to steal domains from another individual.
>> >>
>> >> Is it any more trivial then at OpenSRS? Just a forged fax away from
>> >owning
>> >> any domain you want, right?
>> >
>> >nope...transfer requests are only honored through the system. Registrant
>> >changes only through the MWI with a valid U:P - court order or WIPO
>decision
>> >beyond that. There are other limited situations where we will act, but
>these
>> >are typically to assist a verified registrant get a name back that was
>lost
>> >due to insufficient process at another registrar...(ie - another
>registrar
>> >receives a forged fax, changes the admin contact email address and then
>lets
>> >the pirate registrant transfer to us...)
>>
>> Let me play devil's advocate for a second.
>>
>> I work for $BIG_COMPANY, and manage their domains. I alone know the
>> username/password combo.
>>
>> $BIG_COMPANY fires me during YAMROL[1]
>>
>> $BIG_COMPANY now needs to move their nameservers to new IP's, or
>> perform some other maintenance on their domain.
>>
>> Is it accurate to say that $BIG_COMPANY, even though they're listed
>> as the owner, has absolutely no way short of a court order of getting
>> it done?
>>
>> I'm not passing judgement here, I'm just noting that what's being
>> described above is VERY tight security, and I'm not sure it is all
>> that practical in all cases. It's cool that the "fake fax" won't get
>> a xfer moved, but at what cost? *chuckle*
>>
>> I guess I'm asking "how firm IS that position?"
> >
>> D
>>
>>
>> [1] Yet Another Massive Round Of Layoffs
>>
>> --
>> +---------------------+-----------------------------------------+
>> | [EMAIL PROTECTED] | "Conan! What is best in life?" |
>> | Derek J. Balling | "To crush your enemies, see them |
>> | | driven before you, and to hear the |
>> | | lamentation of their women!" |
>> +---------------------+-----------------------------------------+
>>
--
+---------------------+-----------------------------------------+
| [EMAIL PROTECTED] | "Conan! What is best in life?" |
| Derek J. Balling | "To crush your enemies, see them |
| | driven before you, and to hear the |
| | lamentation of their women!" |
+---------------------+-----------------------------------------+
