Chris, Can you let us know when this issue is finalised as I for one need to engage the services of a software engineer to write another script and § $100 per hour don't want to get him back time and again for reworks. Rod Keys -----Original Message----- From: Chris Disspain [mailto:ceo§auda.org.au] Sent: Tuesday, July 29, 2003 9:41 AM To: DNS List Subject: [DNS] password recovery tool All, auDA's password recovery tool was put in place specifically to deal with those domain names for which we are providing 'temporary' registrar services (net.au, org.au and some com.au). Behind it sits a mechanism to recover your password in the event that the email address in the database is incorrect. Use of that manual fax form also has the effect of enabling the email address in the data base to be updated. auDA provides this service for the registrants for which it is currently a temporary registrar. The service has been disabled for all other domain names for several reasons. Firstly, auDA was concerned that email contact addresses could be delivered for the whole of the data base through this tool. Our logs do not show any pattern of heavy querying at all but, none the less, it is a possibility. Secondly, some registrars had chosen to refer customers to this tool rather than supplying one of their own or using the one supplied to registrars by AusRegistry. Thirdly, some registrants, having been referred to the tool by their registrar were under the impression that they could use the manual password recovery system to get their password even though auDA was not their registrar. This has lead to registrants experiencing frustration and delays in password recovery. What should happen is that each registrar should provide their own password recovery tool that only delivers a result for domain names for which they are registrar. There are a couple of ways this could work. Either it can display the email address for the registrant to check and then submit for an electronic delivery of password or move to manual recovery OR it can refer the registrant to whois first to check that the email address is correct. In the end it's a balance between a level of customer service and security. We are still working on this issue and more changes may occur as we test methods of creating the right balance. Regards, Chris Disspain CEO - auDA ceo§auda.org.au www.auda.org.auReceived on Fri Oct 03 2003 - 00:00:00 UTC
This archive was generated by hypermail 2.3.0 : Sat Sep 09 2017 - 22:00:07 UTC