On Tue, 5 Mar 2002, Charles Daminato wrote: > 1) Only if you're listed as the Admin contact, and the customer agrees to > allow you have control of the domain (and agrees to have you listed as > Admin contact) This is the only way you can get the login information, > and your registrant must agree (and it must be clear that this is what > you're doing) > > 2) The email does not, by default, send out username/password > information. You can alter this script if you wish, but it's advisable > that you ensure there are security measures in place that you're not > sending this information to the wrong spot.
?? any suggestions on such "measures" Chuck? If someone enters the wrong admin contact, then telling them (the wrong e-mail address) that they just registered a domain name isn't much different than e-mailing them the domain password if you have 'send password to admin contact' enabled in manage.cgi is it? So much of our tech support comes from out of date e-mail addresses, that it makes sense to get the password into their in-box _immediately_ ... in our case it's combined with the receipt if the billing contact and admin contact are the same address.... If we've done something bad, I need to know so we can fix it :-) ---------------------------------------------------------------------- [EMAIL PROTECTED] | Courage is doing what you're afraid to do. http://BareMetal.com/ | There can be no courage unless you're scared. | - Eddie Rickenbacker
