Sending the authinfo by email to admin-c

[Remitur]

Hello.

 

A user of WHCMS can see directly the authinfo of every domain of him.

 

This is wrong and a security fault (even if more or less every registrar in the world make the authinvo available on screen).

It's a fault because with some TLD (.ie. .it) the authinfo is all you need to trasfer and trade the domain: no other check by email is required.

So, anyone can access to your WHMCS control panel, can access to the authinfo of every domain of yours.

And if he keep note of them, he can transfer and trade them even years later...

 

The solution is not showing the authinfo in the control panel, but to send it by email to admin-c or registrant contact of the domain.

 

And my question is: does exist any way, any trick, any plugin or module to do so?

[othellotech]

Whether an authorisation/epp code is displayed or emailed is dependant on what registrar module(s) you use - each registrar implements it differently

[Remitur]

Whether an authorisation/epp code is displayed or emailed is dependant on what registrar module(s) you use - each registrar implements it differently

 

Sure?

I work with three different registrars (Opensrs, Resellerclub, hexonet).

For any domain the authinfo request drive the customer to following URL:

domain.ext/clientarea.php?action=domaingetepp&domainid=5

which (I think) is a common page of the "Six" template... isn't it?

There's any other Registrar which has different behaviour in this page?

Any way, any idea to how override it?

[WHMCS John]

Hi,

eNom is one which springs to mind; they email the EPP code to the registrant.

 

We can't change how the registrar's API handles EPP codes I'm afraid.