Re: [EPP-discuss] Updates to sandbox and test environments

From: Jonas B. Nielsen <jonasbn_at_dk-hostmaster.dk>
Date: Thu, 14 Feb 2013 13:50:29 +0100

Hi Peter,

You have a point, I will escalate the issue and will get back to you and the list on the issue.

I expect you would require the same constraints for the contact info command and any future commands related to data on registrar contacts.

jonasbn

On 14/02/2013, at 13.45, Peter Larsen <peter.larsen_at_larsendata.dk> wrote:

> both
>
> test gives available answers on contact-check for REG handles.
>
> sandbox is more correct, giving an not available on my own reg-handle, and not allowed 2201 error on others
>
>
>
> the security error is not that high, since i'm only allowed to check my own reg handle...
>
> But i might should not be able to check it at all, this is also the reason i don't like to use real data in a testing environment.
>
> You could eventually have an information leak here, I would advice to not allow REG handle checks at all, since reg handles is "very secure secret information", i would be sad that my dkhm-search-for-handles.php script someday sends me a list of all handles.. :)
>
>
>
>
> regards, Peter Larsen - ICANN Accredited registrar
>
> My info: http://larsen.tel
> Company info: http://larsendata.tel
>
> On Feb 14, 2013, at 9:23 AM, Jonas B. Nielsen <jonasbn_at_dk-hostmaster.dk> wrote:
>
>> Hi Peter,
>>
>> Could you please clarify in what environment you observed the described behaviour?
>>
>> jonasbn
>>
>> On 13/02/2013, at 17.06, Peter Larsen <peter.larsen_at_larsendata.dk> wrote:
>>
>>> so, i'm allowed to do a contact check for availability of a REG-000000 handle, but not allowed to use it in a contact create.. what a shame :)
>>>
>>> ... in other retrospect, i consider it a error that i get an available reply on something i'm not allowed to do.
>>>
>>>
>>> regards, Peter Larsen - ICANN Accredited registrar
>>>
>>> My info: http://larsen.tel
>>> Company info: http://larsendata.tel
>>>
>>> On Feb 13, 2013, at 4:31 PM, Jonas B. Nielsen <jonasbn_at_dk-hostmaster.dk> wrote:
>>>
>>>> Hello All,
>>>>
>>>> Our test and sandbox environments. Both have been updated to version 1.0.1. This is a release candidate and we are getting close to opening for production.
>>>>
>>>> Please let us know if you experience any issues with either. Changes are primarily internal and does not change the current specification.
>>>>
>>>> Looking forward to your feedback,
>>>>
>>>> jonasbn
>>>> --
>>>> Med venlig hilsen/Best Regards
>>>> Jonas B. Nielsen
>>>> Software udvikler/Softwaredeveloper
>>>>
>>>> DK Hostmaster A/S
>>>> Kalvebod Brygge 45, 3. sal
>>>> 1560 København V
>>>>
>>>> Tlf. +45 33 64 60 60
>>>> Mobil: +45 31 54 60 56
>>>> Fax.: +45 33 64 60 66
>>>> Email: jonasbn_at_dk-hostmaster.dk
>>>> Homepage: https://www.dk-hostmaster.dk
>>>>
>>>> .dk Danmarks plads på Internettet
>>>>
>>>> -------------------------------------------------------------------------
>>>> Dette er en e-mail fra DK Hostmaster A/S. Denne e-mail kan indeholde
>>>> fortrolig information, som kun er til brug for den tiltænkte modtager.
>>>> Hvis du ved en fejl har modtaget denne e-mail, bedes du venligst straks
>>>> give afsenderen besked om dette og slette e-mailen fra dit system uden
>>>> at offentliggøre, videresende eller tage kopi af meddelelsen.
>>>>
>>>> This is an email from DK Hostmaster A/S. This message may contain
>>>> confidential information and is intended solely for the use of the
>>>> intended addressee. If you are not the intended addressee please notify
>>>> the sender immediately and delete this e-mail from your system. You are
>>>> not permitted to disclose, distribute or copy the information in this
>>>> e-mail.
>>>> --------------------------------------------------------------------------
>>>>
>>>>
>>>>
>>>
>>>
>>
>> --
>> Med venlig hilsen/Best Regards
>> Jonas B. Nielsen
>> Software udvikler/Softwaredeveloper
>>
>> DK Hostmaster A/S
>> Kalvebod Brygge 45, 3. sal
>> 1560 København V
>>
>> Tlf. +45 33 64 60 60
>> Mobil: +45 31 54 60 56
>> Fax.: +45 33 64 60 66
>> Email: jonasbn_at_dk-hostmaster.dk
>> Homepage: https://www.dk-hostmaster.dk
>>
>> .dk Danmarks plads på Internettet
>>
>> -------------------------------------------------------------------------
>> Dette er en e-mail fra DK Hostmaster A/S. Denne e-mail kan indeholde
>> fortrolig information, som kun er til brug for den tiltænkte modtager.
>> Hvis du ved en fejl har modtaget denne e-mail, bedes du venligst straks
>> give afsenderen besked om dette og slette e-mailen fra dit system uden
>> at offentliggøre, videresende eller tage kopi af meddelelsen.
>>
>> This is an email from DK Hostmaster A/S. This message may contain
>> confidential information and is intended solely for the use of the
>> intended addressee. If you are not the intended addressee please notify
>> the sender immediately and delete this e-mail from your system. You are
>> not permitted to disclose, distribute or copy the information in this
>> e-mail.
>> --------------------------------------------------------------------------
>>
>>
>>
>
>

--
Med venlig hilsen/Best Regards
Jonas B. Nielsen	
Software udvikler/Softwaredeveloper
DK Hostmaster A/S
Kalvebod Brygge 45, 3. sal
1560 København V
Tlf.      +45 33 64 60 60
Mobil:   +45 31 54 60 56
Fax.:     +45 33 64 60 66
Email:    jonasbn_at_dk-hostmaster.dk
Homepage: https://www.dk-hostmaster.dk
.dk Danmarks plads på Internettet
-------------------------------------------------------------------------
Dette er en e-mail fra DK Hostmaster A/S. Denne e-mail kan indeholde
fortrolig information, som kun er til brug for den tiltænkte modtager.
Hvis du ved en fejl har modtaget denne e-mail, bedes du venligst straks
give afsenderen besked om dette og slette e-mailen fra dit system uden
at offentliggøre, videresende eller tage kopi af meddelelsen.
This is an email from DK Hostmaster A/S. This message may contain
confidential information and is intended solely for the use of the
intended addressee. If you are not the intended addressee please notify
the sender immediately and delete this e-mail from your system. You are
not permitted to disclose, distribute or copy the information in this
e-mail.
--------------------------------------------------------------------------
Received on Thu Feb 14 2013 - 13:50:29 CET

This archive was generated by hypermail 2.3.0 : Fri Feb 06 2015 - 11:39:09 CET