Right, that's how I would expect it to function.
All is good then. :) Dave On Tue, 22 Jan 2002, Charles Daminato wrote: > The mechanism will only email the customer if they're using your manage > interface. So if you have it disabled, they won't be able to get that > information. It only works with domains that you sponsor. > > Charles Daminato > OpenSRS Product Manager > Tucows Inc. - [EMAIL PROTECTED] > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Dave Wood > > Sent: January 22, 2002 9:19 AM > > To: [EMAIL PROTECTED] > > Subject: Re: Some improvements we would like feedback on.... > > > > > > > > I would have expected that in order for the username/password to be mailed > > out through the interface, it would have had to login to OpenSRS using the > > RSP username/key, and if the RSP had that option disabled in his/her > > interface, it would effectively be globally disabled. It seems to me like > > it's a major security issue if anyone can have anyone's password mailed to > > them. Even if it's used just to harass someone else's clients. So I for > > one would like to see this fixed. > > > > Dave > > > > On Tue, 22 Jan 2002, Scott Allan wrote: > > > > > I guess my response would be that should someone's email account become > > > compromised (or data sniffed), the ability to do all sorts of damage has > > > always been there. I am not sure how to design against this - allowing > > > registrants to have their U:P combo sent to them is a really useful > > > feature, and is pretty standard. I can't think of a way that improves > > > security without seriously compromising usability... PGP is nowhere near > > > widely enough deployed - I guess we could let resellers globally disable > > > this for their names, but that would likely not be an option that many > > > would choose, therefore not greatly improving security (it > > would of course > > > allow those who desire greater security to have it). > > > > > > My understanding (perhaps wrong) is that plain text data (password) > > > sniffing exploits are pretty rare - anyone violently disagree? It has > > > always struck me as something that it is possible, but not > > generally worth > > > it. In this case, not only would you have to be able to > > guarantee you could > > > get all the mail sniffed, but also be familiar with the OSRS > > manage system. > > > > >
