Ooooh, how about a pressure sensor on his seat??? Like the ones they have in
cars to make that little airbag light illuminate.
if buttDetected{
allowAccess();
}
On Wed, Sep 15, 2010 at 7:00 PM, Yousif Masoud <yousif.masoud@xxxxxxxxx>wrote:
> On 12/09/10 17:32, tedd wrote:
>
>> Hi gang:
>>
>> I have a client who wants his employees' access to their online business
>> database restricted to only times when he is logged on. (Don't ask why)
>>
>> In other words, when the boss is not logged on, then his employees cannot
>> access the business database in any fashion whatsoever including checking to
>> see if the boss is logged on, or not. No access whatsoever!
>>
>> Normally, I would just set up a field in the database and have that set to
>> "yes" or "no" as to if the employees could access the database, or not. But
>> in this case, the boss does not want even that type of access to the
>> database permitted. Repeat -- No access whatsoever!
>>
>> I was thinking of the boss' script writing to a file that accomplished the
>> "yes" or "no" thing, but if the boss did not log off properly then the file
>> would remain in the "yes" state allowing employees undesired access. That
>> would not be acceptable.
>>
>> So, what methods would you suggest?
>>
>> Cheers,
>>
>> tedd
>>
>> Hi Tedd,
> One aspect of software design to keep in mind is change. Today the
> customer wants everyone to have access when they are logged in. They may
> want that rule relaxed a little. Perhaps, employees can login when members
> of a certain group are logged in.
>
> I recommend using some form of external device that instructs the system to
> enable/disable access to the database. Depending on the sensitivity of the
> data, the solution can utilize a card reader (once the boss takes the card
> out of the reader, database access is terminated for the company) and either
> a fingerprint or retinal scanner [for extra security]. If it is really
> sensitive data, then a retinal scanner and some form of code generator that
> generates one-time eight digit (at least) code to enable access to the
> database. The algorithm that generates the codes would be a deeply guarded
> secret (that would mostly be their problem -- you will need to ensure that
> once you sign off the project, there is no way it can be retrieved from
> you).
>
> No need to shut down the database server, just instruct the firewall to
> block the MySQL port and/or Web server port. Might be a good idea to choose
> a different port than 3306 for MySQL.
>
> What would happen if, for some reason the "boss" couldn't make it in or is
> on Holiday?
>
> Good luck,
> Yousif
>
> PS. It might be a good idea to introduce them to the concept of RBAC and
> see what they think.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
