Re: 1984 (Big Brother)


On 12/09/10 17:32, tedd wrote:
Hi gang:

I have a client who wants his employees' access to their online business database restricted to only times when he is logged on. (Don't ask why)

In other words, when the boss is not logged on, then his employees cannot access the business database in any fashion whatsoever including checking to see if the boss is logged on, or not. No access whatsoever!

Normally, I would just set up a field in the database and have that set to "yes" or "no" as to if the employees could access the database, or not. But in this case, the boss does not want even that type of access to the database permitted. Repeat -- No access whatsoever!

I was thinking of the boss' script writing to a file that accomplished the "yes" or "no" thing, but if the boss did not log off properly then the file would remain in the "yes" state allowing employees undesired access. That would not be acceptable.

So, what methods would you suggest?

Cheers,

tedd

Hi Tedd,

One aspect of software design to keep in mind is change. Today the customer wants everyone to have access when they are logged in. They may want that rule relaxed a little. Perhaps employees can log in when members of a certain group are logged in.

I recommend using some form of external device that instructs the system to enable/disable access to the database. Depending on the sensitivity of the data, the solution can utilize a card reader (once the boss takes the card out of the reader, database access is terminated for the company) and either a fingerprint or retinal scanner [for extra security]. If it is really sensitive data, then a retinal scanner and some form of code generator that generates a one-time eight-digit (at least) code to enable access to the database. The algorithm that generates the codes would be a deeply guarded secret (that would mostly be their problem -- you will need to ensure that once you sign off the project, there is no way it can be retrieved from you).

No need to shut down the database server, just instruct the firewall to block the MySQL port and/or Web server port. Might be a good idea to choose a different port than 3306 for MySQL.

What would happen if, for some reason, the "boss" couldn't make it in or is on holiday?

Good luck,
Yousif

PS. It might be a good idea to introduce them to the concept of RBAC and see what they think.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
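
The question above worries that a "yes"/"no" flag file stays at "yes" when the boss does not log off properly. One way to make such a flag fail closed is a short-lived lease that the boss's session has to keep renewing; the PHP below is an added example, not code from either poster, and the lease path, key, TTL and function names are all assumptions.

```php
<?php
declare(strict_types=1);
// Hypothetical names throughout; the TTL is an assumed value.
const LEASE_TTL = 120; // seconds one heartbeat keeps access open

// The boss's authenticated session calls this on every request or heartbeat.
function renewLease(string $path, string $key, int $now): void
{
    $expires = (string) ($now + LEASE_TTL);
    $mac = hash_hmac('sha256', $expires, $key);
    // Write a temp file and rename it so readers never see a partial lease.
    file_put_contents($path . '.tmp', $expires . ':' . $mac, LOCK_EX);
    rename($path . '.tmp', $path);
}

// Explicit logout removes the lease; a missed logout is covered by expiry.
function revokeLease(string $path): void
{
    if (is_file($path)) {
        unlink($path);
    }
}

// Gate to run before employee-facing code opens any database connection.
// A missing, malformed, forged or expired lease all mean "denied".
function accessAllowed(string $path, string $key, int $now): bool
{
    $raw = is_file($path) ? file_get_contents($path) : false;
    if ($raw === false) {
        return false;
    }
    $parts = explode(':', trim($raw), 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    [$expires, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $expires, $key), $mac)) {
        return false;
    }
    return (int) $expires > $now;
}

// Constructed demo values (fixed timestamps instead of time()).
$lease = sys_get_temp_dir() . '/boss.lease';
$key = 'constructed-demo-key';
renewLease($lease, $key, 1000000);
var_dump(accessAllowed($lease, $key, 1000060)); // inside the TTL
var_dump(accessAllowed($lease, $key, 1000121)); // boss vanished, no logout
revokeLease($lease);
var_dump(accessAllowed($lease, $key, 1000001)); // after explicit logout
```

In a deployment the lease file and key would sit outside the web root, readable only by the web server account.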
