On Wed, Jan 11, 2017 at 4:27 PM, Wayne Thayer <wtha...@godaddy.com> wrote: > Our process for verifying domain control via a change to the website worked > by generating a random alphanumeric code. The code was then placed in a file > in the root directory of the website. The structure of the filename is > <code>.html. Our system queries for that URL and looks for the code in the > response. > > Our initial response as reported yesterday was to fix the bug introduced in > July. Based on internal discussions and comments here, as of 12 midnight PST > last night (1/11) we stopped using this method of file based domain control > validation.
Thanks Wayne. I realize that was probably a hard decision to make, but it does sound like the right one, at least for the time being. I definitely appreciate the engagement and reporting here, as it shows the benefit of the public conversation - namely, being able to gather additional information and feedback and make sure that the issue is resolved. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy