Re: [EPP-discuss] Updates to sandbox and test environments

From: Peter Larsen <peter.larsen_at_larsendata.dk>
Date: Thu, 14 Feb 2013 13:45:38 +0100

both

test gives available answers on contact-check for REG handles.

sandbox is more correct, giving a not available on my own reg-handle, and a not allowed 2201 error on others



the security error is not that high, since I'm only allowed to check my own reg handle...

But I maybe should not be able to check it at all; this is also the reason I don't like to use real data in a testing environment.

You could eventually have an information leak here. I would advise not allowing REG handle checks at all, since reg handles are "very secure secret information"; I would be sad if my dkhm-search-for-handles.php script someday sends me a list of all handles.. :)




regards, Peter Larsen - ICANN Accredited registrar

My info: http://larsen.tel
Company info: http://larsendata.tel

On Feb 14, 2013, at 9:23 AM, Jonas B. Nielsen <jonasbn_at_dk-hostmaster.dk> wrote:

> Hi Peter,
>
> Could you please clarify in what environment you observed the described behaviour?
>
> jonasbn
>
> On 13/02/2013, at 17.06, Peter Larsen <peter.larsen_at_larsendata.dk> wrote:
>
>> so, I'm allowed to do a contact check for availability of a REG-000000 handle, but not allowed to use it in a contact create.. what a shame :)
>>
>> ... in other retrospect, I consider it an error that I get an available reply on something I'm not allowed to do.
>>
>>
>> regards, Peter Larsen - ICANN Accredited registrar
>>
>> My info: http://larsen.tel
>> Company info: http://larsendata.tel
>>
>> On Feb 13, 2013, at 4:31 PM, Jonas B. Nielsen <jonasbn_at_dk-hostmaster.dk> wrote:
>>
>>> Hello All,
>>>
>>> Our test and sandbox environments have both been updated to version 1.0.1. This is a release candidate and we are getting close to opening for production.
>>>
>>> Please let us know if you experience any issues with either. Changes are primarily internal and do not change the current specification.
>>>
>>> Looking forward to your feedback,
>>>
>>> jonasbn
>>> --
>>> Best Regards
>>> Jonas B. Nielsen
>>> Software developer
>>>
>>> DK Hostmaster A/S
>>> Kalvebod Brygge 45, 3. sal
>>> 1560 København V
>>>
>>> Tel. +45 33 64 60 60
>>> Mobile: +45 31 54 60 56
>>> Fax: +45 33 64 60 66
>>> Email: jonasbn_at_dk-hostmaster.dk
>>> Homepage: https://www.dk-hostmaster.dk
>>>
>>> .dk Denmark's place on the Internet
>>>
>>> -------------------------------------------------------------------------
>>> This is an email from DK Hostmaster A/S. This message may contain
>>> confidential information and is intended solely for the use of the
>>> intended addressee. If you are not the intended addressee please notify
>>> the sender immediately and delete this e-mail from your system. You are
>>> not permitted to disclose, distribute or copy the information in this
>>> e-mail.
>>> --------------------------------------------------------------------------
>>>
>>>
>>>
>>
>>
>
Received on Thu Feb 14 2013 - 13:45:38 CET
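
Added example, not part of the original thread and not DK Hostmaster's code: a regression check over captured EPP contact check responses that flags any availability answer returned for a REG handle the session does not own, which is the oracle discussed above. The response layout follows RFC 5730/5733 (trimmed of `trID`); the sample responses, the `REG-999999` handle and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"epp": "urn:ietf:params:xml:ns:epp-1.0",
      "contact": "urn:ietf:params:xml:ns:contact-1.0"}

def _response(code, msg, handle=None, avail=None):
    """Build a constructed EPP contact check response for the samples below."""
    res_data = ""
    if handle is not None:
        res_data = (
            '<resData><contact:chkData '
            'xmlns:contact="urn:ietf:params:xml:ns:contact-1.0">'
            f'<contact:cd><contact:id avail="{avail}">{handle}</contact:id>'
            '</contact:cd></contact:chkData></resData>')
    return ('<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><response>'
            f'<result code="{code}"><msg>{msg}</msg></result>{res_data}'
            '</response></epp>')

OWN_HANDLES = {"REG-999999"}  # constructed: handle owned by the logged-in registrar
# Constructed samples mirroring the three behaviours reported in the thread.
TEST_ENV_OTHER = _response(1000, "Command completed successfully", "REG-000000", 1)
SANDBOX_OWN = _response(1000, "Command completed successfully", "REG-999999", 0)
SANDBOX_OTHER = _response(2201, "Authorization error")

def parse_check(xml_text):
    """Return (result_code, {handle: avail}) from a contact check response."""
    root = ET.fromstring(xml_text)
    code = int(root.find("epp:response/epp:result", NS).get("code"))
    answers = {}
    for cid in root.iterfind(".//contact:chkData/contact:cd/contact:id", NS):
        answers[cid.text.strip()] = cid.get("avail") in ("1", "true")
    return code, answers

def audit(xml_text, own_handles):
    """List availability answers given for REG handles the session does not own."""
    code, answers = parse_check(xml_text)
    findings = [(handle, "available" if avail else "not available")
                for handle, avail in answers.items()
                if handle.startswith("REG-") and handle not in own_handles]
    return code, findings

if __name__ == "__main__":
    for name, xml_text in [("test, other handle", TEST_ENV_OTHER),
                           ("sandbox, own handle", SANDBOX_OWN),
                           ("sandbox, other handle", SANDBOX_OTHER)]:
        print(name, audit(xml_text, OWN_HANDLES))
```

An empty findings list means the response gave no availability answer for someone else's REG handle; the 2201 case passes because it carries no `chkData` at all.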
