: Is an externally-hosted subdomain a security risk? A company I've been developing a web site for wants to keep their current domain, which is something like company.parentcompany.com. Because we
A company I've been developing a web site for wants to keep their current domain, which is something like company.parentcompany.com. Because we wanted to use a different CMS, the parent company refused to support or even host it and asked us to pay for third-party hosting.
Now that we've done that, they won't make an A record for the subdomain pointing at the new server, stating that it is a security risk. I'm not a DNS expert by any means, but this sounds like total BS to me. I've seen this discussed several times, but I've never seen anyone raise security issues.
Can I fight this, or are they really correct?
More posts by @Shelton105
1 Comments
Sorted by latest first Latest Oldest Best
Different subdomains can share cookies (depends on the cookie path used), and thus the third party could steal cookies used to authenticate on the main domain. This is also the case if your CMS gets hacked.
You could get a new domain for your new website and setup a redirect on your old domain. That should take care of most security issues.
There might also be some issues regarding cross site scripting. I think your externally hosted website might be allowed to make requests to the parent site with the parent site's cookies. But I've never tried it, so I don't know if the browsers send the .parentsite cookies in that case too.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.