Implications on automatically "open" third party domain aliasing to one of my subdomains
- by Giovanni
I have a domain, let's call it www.mydomain.com where I have a portal with an active community of users.
In this portal users cooperate in a wiki way to build some "kind of software".
These software applications can then be run by accessing "public.mydomain.com/softwarename"
I then want to let my users run these applications from their own subdomains. I know I can do that by automatically modifying the.htaccess file. This is not a problem.
I want to let these users create dns aliases to let them access one specific subdomain. So if a user "pippo" that owns "www.pippo.com" wants to run software HelloWorld from his own subdomains he has to:
Register to my site
Create his own subdomain on his own site, run.pippo.com
From his DNS control panel, he creates a CNAME record "run.pippo.com" pointing to "public.mydomain.com"
He types in a browser http://run.pippo.com/HelloWorld
When the software(that is physically run on my server) is called, first it checks that the originating domain is a trusted one. I don't do any other kind of check that restricts software execution.
From a SEO perspective, I care about Google indexing of www.mydomain.com but I don't care about indexing of public.mydomain.com
What are the possible security implications of doing this for my site?
Is there a better way to do this or software that already does this that I can use?