On Sep 12, 2010, at 4:48 PM, tedd wrote:
At 4:05 PM -0500 9/12/10, Tamara Temple wrote:
Sounds like there are some security concerns here.
On Sep 12, 2010, at 11:32 AM, tedd wrote:
I have a client who wants his employees' access to their online
business database restricted to only times when he is logged on.
(Don't ask why)
I do wonder why, though. Perhaps this is an opportunity to educate
someone about security and privacy and web applications? Does he
feel that by being logged in, he can control every aspect of
connection to the data base? Or even be aware of every access to
the data base? What is he hoping to accomplish be being logged in?
Does he propose to actively monitor the data base transactions in
real time while he's at work? What is he hoping to avoid by
requiring his logged in state before anyone else can access the
data base? Just being logged in won't dissuade a cracker from
attacking his data if they so choose, nor will it prevent a
disgruntled employee from damaging the data while he's logged in if
they have the expertise and means.
Tamara:
I said "Don't ask why"
Wondering isn't asking. I don't personally care why. It's not my
client, not my business, not my problem.
You see, people often have strange notions about "their" business or
unusual ideas about how to do things, That goes with consulting.
While many may find that odd, but some of the most revolutionary
ideas come from such unusual thinking.
I've been in business and technology consulting for years and years,
and very successful at getting customer's desired outcomes. I don't
think their notions "strange" or "unusual" -- just that without
further elicitation, one cannot understand what they are truly
desiring, and to find out what they don't want as an outcome of their
up-front stated goals.
I don't pass judgement. I simply advise (based upon my limited
understanding of things) and let the client make the calls. After
all, he's the one paying the bills and he has answers for the
remainder of your questions.
It's not a question of passing judgement on someone's ideas. It's a
question of finding the best solution for the customer's actual needs
and desires. It's almost always the case that further exploration of
the customer's concerns behind their thoughts has proven to give them
a much more robust and useful solution and gets them what they are
really after. Most people aren't aware of the assumptions and
conclusions they have. Eliciting more information can lead to better
solutions for all. Blind faith in the customer's stated requirements
can lead one to a disastrous conclusion. It's been said all over the
net that customers don't really know what they want until they see it.
Further, that they don't know what they don't want until it happens to
them. I believe in delivering the most value to the customer for their
money, and that means understanding their needs as best as possible,
and that is done by exploring their business models, assumptions, and
needs.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
