[DBWG] DBWG-2: proposal to auto-generate contents of the mandatory "changed" field in db objects.

Ben Maddison benm at workonline.africa
Tue Aug 4 19:38:04 UTC 2020


Hi all,

On 08/04, Michel ODOU wrote:

> Hi Nishal,
>
> On 04/08/2020 14:34, Nishal Goburdhan wrote:
> >
> > afrinic staff listening in, questions for you:
> > #1 - didn’t you add in auto-generated MNTers a while ago?
>
> Yes, we did some time ago (beginning of 2017). When creating an
> unprotected person/role object, the WHOIS will automatically generate a
> maintainer and send the details to the e-mail attribute(s) value(s).
> That maintainer object cannot be updated, to encourage the users to
> create and use their own maintainers.
>
> > #2 - aren’t all new objects forced to have MNTers?
>
> Technically, the mnt-by attribute remains optional in the person and
> role objects. The WHOIS will automatically create a maintainer to help
> the user and prevent hijacking but nothing prevents the user from
> removing it (and thus purposely leave the object unprotected) if they
> wish to do so. A warning will be printed when the last mnt-by attribute
> is removed though.
>
> Otherwise, all the other objects have a mandatory mnt-by attribute.
>
> > #3 - what, if any, objects don’t have MNTers nowadays?
>
> If the object without mnt-by is a person or role object, nothing will
> happen. It can be modified or taken over by anyone but this is compliant
> with the template. If the object is not a person or role object, then
> the WHOIS will not allow such an object to be updated.
>

Thanks for the clarifications Michel.

I think that having globally writable objects of any description is a
bad idea.
Someone will eventually work out how to cause harm by exploiting that.

I'd suggest that the first order of business on this topic should
therefore be closing this gap.

Couple of questions, to help me formulate how we might do that:

- Are there currently any objects of types other than role or person
that have no mnt-by:?
- Are there any person objects with my.afrinic access that have no
mnt-by?

Cheers,

Ben
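
The first question above amounts to an audit of the database for objects with no mnt-by: attribute. A sketch of that audit over an RPSL-style text dump follows, as an added example that is not part of the original message and not AFRINIC's code. The sample objects, function names and finding labels are constructed, and the dump layout (objects separated by blank lines, folded values starting with whitespace or "+") is an assumption.

```python
import re

# Constructed sample objects (documentation values, not real registry data).
SAMPLE_DUMP = """\
person:   Example Person
remarks:  folded value, the next line is not an attribute
          mnt-by: NOT-A-MAINTAINER
nic-hdl:  EP1-EXAMPLE

role:     Example NOC
nic-hdl:  EN1-EXAMPLE
mnt-by:   EXAMPLE-MNT

% server comment
route:    192.0.2.0/24
origin:   AS64496
"""

ATTR = re.compile(r"^([A-Za-z0-9][A-Za-z0-9-]*):(.*)$")

def parse_objects(text):
    """Split a dump into objects, each a list of (attribute, value) pairs."""
    objects, current = [], []
    for line in text.splitlines():
        if line.startswith(("%", "#")):
            continue                      # comment line
        if not line.strip():              # blank line ends the object
            if current:
                objects.append(current)
            current = []
        elif line[0] in " \t+":           # continuation of the previous value
            if current:
                name, value = current[-1]
                current[-1] = (name, (value + " " + line[1:].strip()).strip())
        elif (m := ATTR.match(line)):
            current.append((m.group(1).lower(), m.group(2).strip()))
    if current:
        objects.append(current)
    return objects

def audit(text):
    """List (type, first attribute value, finding) for objects with no mnt-by:."""
    findings = []
    for obj in parse_objects(text):
        obj_type, ident = obj[0]
        if not any(name == "mnt-by" for name, _ in obj):
            # mnt-by is optional only in person and role objects
            kind = "writable-by-anyone" if obj_type in ("person", "role") else "mandatory-mnt-by-missing"
            findings.append((obj_type, ident, kind))
    return findings
```

Parsing attributes before checking matters here: a plain text search for "mnt-by:" would count the folded remarks line in the first sample object and miss that the object is unprotected.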