Is there a security risk for allowing people to set their DNS so their own subdomains can be route to my server?
Posted
by
DantheMan
on Server Fault
See other posts from Server Fault
or by DantheMan
Published on 2011-06-21T22:28:17Z
Indexed on
2011/06/22
0:25 UTC
Read the original article
Hit count: 425
Lets say that I have a web application, built in Django and deployed with Nginx.
Is it a good idea to offer a service that allows customers to request that a subdomain can be pointed at it.
I figured this:
If I dont allow this, then some companies wont want to access the service from
http://mydjangoappmadeupname.com/bigcorporation/
They would rather access it through
http://service.bigcorporation.com
That would effectively mask that they are using an outside resource.
Is there a significant risk that I am overlooking? Also do you think it would be easier to just set things up in Django to handle it, allowing Nginx to accept all domains and then pushing them to Django which would filter out if they are allowed or not, or would it be better to just update my Nginx log each time a client wanted this changed?
© Server Fault or respective owner