For those of you who do not know what stargateinc.com is, they are an ICANN-accredited domain registrar and web hosting service provider. I have been using the services of stargateinc.com for over two years (thanks to Chirag Dhawan for that). But this time it was slightly different from the usual.
Recently I booked another domain name (thanks to CD again for that). But somehow I lost both the username and password (that is a different story altogether). What do I do now? Well, I went to their (stargateinc.com) password recovery form, submitted my domain name, and lo and behold, I was sent the new username and password by email.
I logged in using the new username/password pair and could change either of them. So far so good. But what is the problem?
Well, the problem is that somehow stargate.com maps the domain name to a username/password pair. And the mapping is one-to-many from the username/password pair to the domain names.
So how does it affect me?
Suppose I book a domain dom1.tld with username/password user1/pass1 and you book another domain dom2.tld with username/password user2/pass2.
Now suppose I accidentally or intentionally change my username/password to user2/pass2; then I'll have administrative control of your domain as well. That is what I did. No, I didn't hack or crack someone else's domain; both domains were mine. The second domain I booked at stargateinc.com was under a different username, and when I changed the username/password to that of my first domain I got both of them listed under a single username/password pair.
I dunno if it is a feature or a bug, but I am sure this is not good engineering. I hope Stargate improves its authentication method.
Footnote: In early 2005, Stargate changed their domain management interface and this new interface rocks. I still haven't been able to find any problem.
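The dom1.tld/dom2.tld scenario above, modelled in Python as an added example (not Stargate's code). The class and method names are hypothetical, and the first class is an assumption about how a lookup keyed on the credential pair behaves; the second shows the usual fix of unique usernames with domain ownership tied to an account id.

```python
import hashlib
import hmac
import os

class CredentialKeyedRegistry:
    """Flawed model: a login lists every domain whose stored pair matches."""

    def __init__(self):
        self.creds = {}  # domain -> (username, password); usernames not unique

    def register(self, domain, username, password):
        self.creds[domain] = (username, password)

    def change_credentials(self, domain, old, new):
        if self.creds[domain] != old:
            raise PermissionError("wrong current credentials")
        self.creds[domain] = new  # nothing stops `new` matching another customer

    def login(self, username, password):
        return sorted(d for d, c in self.creds.items() if c == (username, password))

class AccountKeyedRegistry:
    """Hardened model: unique usernames, domains owned by an immutable account id."""

    def __init__(self):
        self.accounts = {}  # account_id -> (username, salt, password_hash)
        self.owner = {}     # domain -> account_id

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_credentials(self, account_id, username, password):
        # Reject a username that already belongs to a different account.
        if any(u == username and i != account_id for i, (u, *_) in self.accounts.items()):
            raise ValueError("username already in use")
        salt = os.urandom(16)
        self.accounts[account_id] = (username, salt, self._hash(password, salt))

    def register(self, domain, username, password):
        account_id = len(self.accounts) + 1
        self.set_credentials(account_id, username, password)
        self.owner[domain] = account_id

    def login(self, username, password):
        for account_id, (u, salt, h) in self.accounts.items():
            if u == username and hmac.compare_digest(h, self._hash(password, salt)):
                return sorted(d for d, o in self.owner.items() if o == account_id)
        return []
```

In the first model, changing dom1.tld's pair to user2/pass2 makes one login return both domains; in the second, the same change is refused and each login still sees only its own domain.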