[pLog-svn] dynamic blog settings?
Jon Daley
plogworld at jon.limedaley.com
Wed Jan 25 14:43:10 GMT 2006
On Wed, 25 Jan 2006, Christoph Feddersen wrote:
> Assuming:
> User A, owner of mydomain.com
> User B not owning a domain
>
> User A points his DNS to your IP.
> User A goes out for lunch.
> User B uses WHOIS on user's A domain and sees that it points to your
> IP/Lifetype
> User B goes to his control page (or registration screen) and assigns
> mydomain.com to his blog
>
> This may be unlikely, but possible. What I wanted to say is that you can't
> determine weather a lifetype-user is the owner of a domain and is allowed to
> use a particular domain.
> So I'd prefer some kind of manual approval to make sure that a user is
> authorized to use a domain name.
Correct. I think that could be controlled by apache, rather than
lifetype? The other way to do it is to have User A sign up for the blog
with the domain name he wants. This prevents user B from stealing it.
Then point the DNS. If user B has already stolen user A's domain, user B
gets banned by the administrator for life.
I think this feature will be more useable the more automatic it
is, and lifetype requiring an administrator for each registration makes it
hard to use. If a particular administrator wants to be more secure, I
would recommend using apache virtual hosts as well as making the user sign
up with a domain before the dns record is created. I think this provides
enough security.
**************************************
Jon Daley
http://jon.limedaley.com/
You can tell a lot about a fellow's character by his way of eating jellybeans.
-- Ronald Reagan
More information about the pLog-svn
mailing list