North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ARIN Policy on IP-based Web Hosting

  • From: Sabri Berisha
  • Date: Fri Sep 01 23:31:25 2000

On Tue, 29 Aug 2000, Roland Dobbins wrote:

> The SSL issue is a real one, and I don't know how to get around it.  

It's not the only one.

I happen to work for a hosting isp and we have had many discussions on
this one. None of my collegues have been able to give me the solution to
the following issue:

As we all know, cname hosting is based on the same IP. Using the IP of a
site could be a form of securitychecking. Let me explain: 

Imagine we have a site on www.foo.bar with the IP 10.0.0.1.

Now we have a customer that wants to put sensitive information on
www.foo.bar/customersite.

This information would me far more secure if the customer would link to
http://10.0.0.1/customersite instead of http://www.foo.bar/customersite.
Why? It's simple; imagine some lamer writing a trojan that would change
your /etc/hosts or C:\windows\hosts files... 

It happened to a bank in The Netherlands about 2 years ago (published in
the magazine Computer Idee for the dutch readers).

I think cname hosting will be unavoidable (is that correct english?) in
the next few months but every hosting company should be given enough IP's
to offer ip-based hosting too, even if it's nog going to be the standard
package...

And then we are not even talking about those nice PTR records for a host
which (I admit) are purely cosmetic but I think it will be a way of being
"cool" if you have a PTR for your A when cname hosting get's The Usual Way
of business.

-- 
Sabri Berisha   `~*-[vuurwerk internet]  bofv-ripe@whois.ripe.net
		Linux / FreeBSD Scriptkiddo
     	           hoping-to-be-ccnp-soon
	      my personal opinion yadda yadda