Well, DomainDirect's "account" system was built previously to the concept of
OpenSRS profiles. SO - DomainDirect users CAN go to other manage.cgi based
sites and alter their domain information - but not affect their DomainDirect
account(s).
--
Charles Daminato
Tucows Product Manager (ccTLDs)
[EMAIL PROTECTED]
Education is an admirable thing, but it is well to remember from time to
time that nothing worth knowing can be taught.
- Oscar Wilde
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of A. I. Sinclair
Sent: November 20, 2000 4:10 PM
To: [EMAIL PROTECTED]
Subject: Is DD script possibly more secure than RSP scripts?
A difference in RSP scripts vs Domain Direct scripts was previously raised
and addressed.
I stumbled across another which may or may not be regarded as a security
issue, but I know I am not too comfortable with it.
In essence a user with a domain registered with Tucows through an RSP, can
use another RSP's site to log into the system and maintain their domain.
So although someone is not your customer, they can still log into your site
hmmmm.....
By contrast a user, cannot log into Domain Direct. However, I am not sure if
the reverse is possible, i.e. if a user who registered with Domain Direct
can log into an RSP's site.
Of course I did not try any hanky-panky and not sure if it is even possible,
but then there are those (and I don't mean RSP's) who might get up to some
mischief.
ais
