On Sun, Sep 12, 2010 at 12:32:21PM -0400, tedd wrote: > Hi gang: > > I have a client who wants his employees' access to their online > business database restricted to only times when he is logged on. > (Don't ask why) > > In other words, when the boss is not logged on, then his employees > cannot access the business database in any fashion whatsoever > including checking to see if the boss is logged on, or not. No access > whatsoever! > > Normally, I would just set up a field in the database and have that > set to "yes" or "no" as to if the employees could access the > database, or not. But in this case, the boss does not want even that > type of access to the database permitted. Repeat -- No access > whatsoever! > > I was thinking of the boss' script writing to a file that > accomplished the "yes" or "no" thing, but if the boss did not log off > properly then the file would remain in the "yes" state allowing > employees undesired access. That would not be acceptable. > > So, what methods would you suggest? I hate to seem flippant, but here would be my conversation with this customer: Customer: "My employees got access to the database while I was gone yesterday!" Consultant: "Well, let's see. Oh, it appears you didn't properly log out." Customer: "Yes, but I was *gone*. They weren't supposed to be able to access the database unless I'm *here*." Consultant: "The only way we know that is if you log in and log out properly. Now, if you like, we can put a nanny-cam in your office, and whenever you're not there (like in the bathroom), the whole thing shuts down. That will cost $x. Your choice. We've been working on the mind-reading extension to PHP, but it's not finished yet." Other than the "boss file", I don't see another way. And as you said, if he doesn't log out properly, the boss file will allow access when he didn't intend to allow it. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
