Page MenuHomeDevCentral
Create Task
Maniphest T981

Define a policy for acceptable vhosts on Eglide
Closed, ResolvedPublic
Actions

Description

We have a request for a vhost (reverse DNS) suspiciously similar to an existing website.

I'm not sure we should do that. What do you think we should accept/deny for vhosts?

Related Objects
Search...

Event Timeline

dereckson created this task.Aug 15 2016, 22:34
dereckson merged a task: T982: Define a policy for acceptable vhosts on Eglide.Aug 16 2016, 00:30
dereckson moved this task from Backlog to Needs Review / Blocked / Waiting on the User-Dereckson board.
dereckson added a comment.EditedAug 19 2016, 19:46

Summary of previous discussions

@Sandlayth is out on this issue: they consider we should avoid to be too restrictive, and that's only a vhost, so as long as this is decent, that's appropriate.

@dereckson stresses on phishing risk.

dereckson added a comment.Aug 20 2016, 00:58

@Rashk0 any advice?

dereckson added a comment.Sep 11 2016, 01:43

Declined T980 with this rationale I want to include in our policy:

Uniqueness.

§1. The vhost shouldn't be impersonate any existing name, like the domain of a known website.

§2. Are allowed by exemption to §1:

  • clear and immediately recognizable parody
dereckson moved this task from Backlog to Project on the Eglide board.Sep 11 2016, 02:20
dereckson moved this task from Backlog to Eglide on the Servers board.Jan 16 2017, 08:48
dereckson closed this task as Resolved.Jan 23 2017, 12:27

Documented at https://agora.nasqueron.org/Eglide/Policies#Vhosts

Linked at https://agora.nasqueron.org/Operations_grimoire/Policies

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator