[BlueOnyx:15031] Re: SSL change after updates?
Michael Stauber
mstauber at blueonyx.it
Thu Mar 27 21:16:43 -05 2014
Hi Roy,
> Im not expert, but wouldnt the "hacker" need to somehow get your private
> key first?
Yes, no worries. Michael Aronoff and I were talking about wildcard DNS
records. It's entirely separate from SSL. You can have DNS wildcard
records such as *.domain.com. In that case any subdomain you try to
access goes to (say) www.domain.com.
It is a lazy way of doing DNS records and it can have some undesired
effects.
Let's say you or a client of yours runs a perfectly legitimate online
business under www.domain.com.
For one reason or another this site is configured to use wildcard DNS
records.
Now say a competitor or disgruntled person puts a link on *his* site (or
Facebook or Twitter) to http://frauds-are-us.domain.com and your
wildcard DNS records would happily route all visitors to your
www.domain.com Vsite.
Depending on how you've configured your "web alias redirects" the URL in
the browser would then also show your perfectly fine business page under
the URL of http://frauds-are-us.domain.com
Which might not be what you or your client wanted.
So yeah, wildcard DNS records are possible and I might allow them in
BlueOnyx. But it also must be made sure that people know that it could
lead to technically perfectly fine but still undesired results such as
mentioned above. :-)
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list