EuroDomenii

About EuroDomenii

  • Rank
    Newbie

Contact Methods

  • Website URL
    http://www.domenii.eu

Profile Information

  • Gender
    Male
  • Location
    Romania

  1. Our company is an .Eu Accredited Registrar, and the .Eu registry, EURid, offers discounted registrations for the first year. We pass this discount to our clients, so it is very useful to have lower registration pricing and higher renewal pricing.
  2. The "buggy" admin_urls (a, x, in) don't exist in Blesta. Anyway, Blesta should have a validation in place. There are pros and cons to security through obscurity. From my point of view, anyway I shall restrict the admin url by IP. I just love the idea of having a one-letter admin_url. It's fast and fun.
  3. Configure::set("Route.admin", "x");  also creates problems when viewing invoices.
  4. How to replicate

     1) Change /config/routes.php (see https://www.blesta.com/forums/index.php?/topic/3469-ability-to-change-admin-url/):

            Configure::set("Route.admin", "a");

     2) Clearing the Blesta cache from /cache/1/nav/1
     3) The 404 not found behaviour is present in many pages of the logged-in client area:
        - /client/accounts/
        - client/contacts/ (when there's no contact)
        - lack of invoice, transactions listings from dashboard

     Debugging

     The issue was deceiving, because logged in as admin, everything works flawlessly. Only after debugging the issue, logged in as a client, I've noticed that at first run $controllerClass comes as ClientAccounts, but at subsequent runs it comes wrongly as AdminAccounts, which triggers the _404 not found controller, due to lack of permissions.

     See \web\vendors\minphp\bridge\src\Lib\Dispatcher.php, public static function dispatch($requestUri, $isCli = false):

            if (!class_exists($controllerClass) || !method_exists($controllerClass, 'preAction')) {
                throw new Exception(
                    sprintf('%s is not a valid controller', $controllerClass),
                    404
                );
            }

     So far, values like "a" or "in" for admin_url trigger that behavior. I guess that some kind of escaping is required, but I haven't investigated further. On the other hand, Configure::set("Route.admin", "x"); works flawlessly. Also, there's no problem with longer admin paths. But lazy/efficient admins might prefer a one-letter admin url. Thx!
  5. In the first place, there was an internal debate regarding domains as plugin versus services. Later on, the mainstream is that domains should remain services.

     "Domains will almost certainly remain as services but be given a designation as domains so they can be displayed a little differently. That seems to be the simplest way forward. " https://www.blesta.com/forums/index.php?/topic/7197-domain-manager-we-need-your-feedback-on-domains/&do=findComment&comment=52874

     "All the world are agreed in this subject. Domains are services and should remain as services. how it should displayed and how the order form should treated is another story. " https://www.blesta.com/forums/index.php?/topic/7197-domain-manager-we-need-your-feedback-on-domains/&do=findComment&comment=60816

     According to https://dev.blesta.com/browse/CORE-3053 "Add migration for pricing to support a renewal price", there are new columns in existing tables. This means that the new domain manager will be backward compatible? Or is a migration utility still needed, but it will be easier to upgrade, since domains would remain services? Thanks!
  6. What about a fundraising, to speed up development of domain refactoring ? We would jump in with $500 USD .
  7. I guess that the new feature is "Renewal Price Option - Optionally set a renew price that is different from the new price for services." Nice! Don't you have a grosso modo ETA for domain refactoring? I mean, will it be ready this year? Or are we talking about 2-3 years (let's remember that the initial post is from August 2016)? This could be relevant for deciding whether to wait for the feature to land, or to start with the existing framework and import later.
  8. I don't dispute that Blesta isn't secured by design ("But Blesta seems to be more secure and a nice and clean software". http://www.webhostingtalk.com/showthread.php?t=1544179). But every application with authenticated users could be vulnerable, at some point, to a Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS). The main idea of the workaround is to not store the full passwords of the modules (registrar modules, hosting modules - Proxmox, Vultr etc.), but instead store them in a third-party proxy API gateway, https://konghq.com/, set up on your own server. The proxy API gateway will transform only the initial request for an authenticated token, then all the requests will be forwarded unchanged. How is this different from an attacker grabbing the full password from the Blesta module? We can implement rate limiting at proxy level, and validate only allowed API calls (for example, deny delete requests). We've posted a more detailed explanation here: https://forum.proxmox.com/threads/securing-third-party-application-proxmox-integration-with-proxy-api-gateway.47091/ Thank you!
  9. Every ccTLD with EPP support might need further custom adjustments. I guess there aren't encoded files in your module, since it is based on https://github.com/AfriCC/php-epp2, under the GPL 3.0 license.
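
The gateway policy described in post 8 above (the upstream password is held only by the gateway, only listed API calls are forwarded, delete requests are denied, and calls are rate limited), shown in Python as an added example that is not part of the original posts and is not Blesta or Kong code. The routes, the `Gateway` and `TokenBucket` names and the secret are constructed for illustration; the clock value is passed in by the caller.

```python
# Added illustration; routes, names and the secret below are constructed.
ALLOWED_CALLS = {            # exact (method, path) pairs the billing app may use
    ("POST", "/auth/token"),
    ("GET", "/servers"),
    ("POST", "/servers"),
}
LOGIN_ROUTE = ("POST", "/auth/token")


class TokenBucket:
    """Burst of `capacity` requests, refilled at `rate` tokens per second."""

    def __init__(self, capacity, rate):
        self.capacity, self.rate = capacity, rate
        self.tokens, self.last = float(capacity), 0.0

    def take(self, now):
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True


class Gateway:
    def __init__(self, upstream_secret, bucket):
        self._secret = upstream_secret   # stored on the gateway host only
        self._bucket = bucket

    def handle(self, method, path, body, now):
        """Return (status, body forwarded upstream or None if blocked)."""
        call = (method.upper(), path)
        if call not in ALLOWED_CALLS:    # default deny: DELETE is never listed
            return 403, None
        if not self._bucket.take(now):
            return 429, None
        if call == LOGIN_ROUTE:          # only the token request is rewritten
            body = {**body, "password": self._secret}
        return 200, body                 # everything else passes unchanged
```

Because matching is exact and default-deny, a compromised billing application can neither read the upstream password nor issue a call that was not listed in advance.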