No suggestions on security from your end, but the scripts do allow (it's possible) for the password to be sent along with the order.
Charles Daminato OpenSRS Product Manager Tucows Inc. - [EMAIL PROTECTED] > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Brown > Sent: March 6, 2002 1:46 AM > To: [EMAIL PROTECTED] > Subject: Re: Two Questions.. > > > On Tue, 5 Mar 2002, Charles Daminato wrote: > > > 1) Only if you're listed as the Admin contact, and the customer > agrees to > > allow you have control of the domain (and agrees to have you listed as > > Admin contact) This is the only way you can get the login information, > > and your registrant must agree (and it must be clear that this is what > > you're doing) > > > > 2) The email does not, by default, send out username/password > > information. You can alter this script if you wish, but it's advisable > > that you ensure there are security measures in place that you're not > > sending this information to the wrong spot. > > ?? any suggestions on such "measures" Chuck? > > If someone enters the wrong admin contact, then telling them (the wrong > e-mail address) that they just registered a domain name isn't much > different than e-mailing them the domain password if you have 'send > password to admin contact' enabled in manage.cgi is it? > > So much of our tech support comes from out of date e-mail > addresses, that it makes sense to get the password into their > in-box _immediately_ ... in our case it's combined with the > receipt if the billing contact and admin contact are the same > address.... > > If we've done something bad, I need to know so we can fix it :-) > > ---------------------------------------------------------------------- > [EMAIL PROTECTED] | Courage is doing what you're afraid to do. > http://BareMetal.com/ | There can be no courage unless you're scared. > | - Eddie Rickenbacker >
