Re: Re: Code Security

@Taco, Read back through the whole thread and you will understand. Ethan
just can't do what he wants to with PHP.
On Feb 18, 2015 9:59 AM, "Taco Mathijs Hillenaar-Meerveld" <
tm.hillenaar@xxxxxxxxx> wrote:

> Sorry if I misread and put my reply in a wrong context.
> But from how I read this question, it is all about preventing a user from opening
> a terminal window.
>
> If Mr. Nice is logged in, then I assume he has all rights, as the topic
> starter is afraid Mr. Ugly can look at his code.
>
> As far as I know, it is not common practice to work directly on a server and
> have all rights and allow other people to use that computer when connected
> to the specific server.
> Ethan also pointed out that he made a POS (Point of Sale) program to work
> in that store. There are 2 account types: 1>admin  2>worker.
>
> The worker should not have any rights and the admin account should only be
> able to change/edit things within that program.
> --------
>
> I don't see why anyone (the admin included) would need to have access to
> the standalone server apart from maintenance duties to keep it all up and
> running.
> The server needs to be locked in a server room or another place that will
> fit, but definitely locked.
>
> If someone can get on that server through a terminal, it will mean something
> has gone horribly wrong.
>
> I am not sure if Ethan is trolling, though. But if I understand his question
> right and it's an honest question, it sounds kind of weird to me.
>
> When I get an order to install a server, my first questions would be like:
> - Who is going to use it?
> - Who has access to it?
> - Who needs to have access to it?
> - Where will this server be placed? (server room, datacenter, store).
>
> Once the server is installed, I have a root account, an admin account with
> certain rights, and I have made a couple of 'administrator groups'. The
> programs like Apache are in this group as well. But this has nothing to do
> with the administrator account from the POS.
>
> So are we here talking about securing the code of the POS and its content,
> or are we talking about the basics of securing a Linux server?
> If it is the latter, the topic starter better read about how to secure his
> server. BTW, I'm wondering what his question has got to do with PHP and
> databases :-/
>
> in addition:
>
> *As soon as we talk about 'looking at code' and 'user is logged in as an
> administrator with all rights to delete content', you will make ANY
> administrator*
> *nervous :) I know a couple of admins; trust me, they are paranoid and
> won't trust anyone near their machines, not to speak of getting access
> to a server!*
>
>
> On Fri, Feb 13, 2015 at 6:28 PM, Guru <nagendra802000@xxxxxxxxx> wrote:
>
> > Put a redirect code in www folder to your index page.
> > On Feb 13, 2015 10:55 PM, "Karl DeSaulniers" <karl@xxxxxxxxxxxxxxx> wrote:
> >
> > > Set up a password or a salt that Mr. Nice has to call you to get and
> > > expires on logout.
> > >
> > > Lol
> > >
> > > Best,
> > > Karl
> > >
> > >
> > > Sent from losPhone
> > >
> > > > On Feb 13, 2015, at 8:47 AM, erosenberg@xxxxxxxxxxxxxxxxxxxx wrote:
> > > >
> > > >
> > > > Ethan,
> > > > > It seems like you're looking for a programmatic solution to a
> > > > > physical security problem. In the end, your most viable solution will likely
> > > > be to train Mr. Goodguy to remove the key the same way he needs to
> > > > remember his ATM card after a withdrawal. I've seen programmatic
> > > > work-arounds to solve similar issues, but they have always ended up
> > > > being significantly arduous for the end users...
> > > > Respectfully,
> > > > Joshua D. Arneson
> > > > > -----Original Message-----
> > > > > From: Ethan Rosenberg [mailto:erosenberg@xxxxxxxxxxxxxxxxxxxx]
> > > > > Sent: Friday, February 13, 2015 9:12 AM
> > > > > To: php-db@xxxxxxxxx.net
> > > > > Subject: Re:  Code Security
> > > > >
> > > > > On 02/13/2015 02:58 AM, Karl DeSaulniers wrote:
> > > > > > Prevent THIS from ever happening.
> > > > > >
> > > > > > On Feb 12, 2015, at 11:03 PM, Ethan Rosenberg wrote:
> > > > > >
> > > > > >> He asks Mr.[naive]Nice if he could look at the computer
> > > > > >> while it is logged in.
> > > > > >>
> > > > > > Otherwise, I would say an external key that has a salt stored
> > > > > > on it that the user has to insert in the computer before the
> > > > > > system can be accessed.
> > > > > > Like an access key card. Immediate shut down when tampered
> > > > > > and/or removed.
> > > > > >
> > > > > > Just a stab in the dark though.
> > > > > >
> > > > > > Best,
> > > > > >
> > > > > > Karl DeSaulniers
> > > > > > Design Drumm
> > > > Karl -
> > > > Thanks.
> > > > > The key is already plugged in. Mr. [Naive] Nice is using the computer,
> > > > > and is logged in. Mr. Ugly just wants to "look at" the computer.
> > > > Ethan--
> > > > Joshua -
> > > > My apologies for an HTML message.  That is all I have at work.
> > > >
> > > > How about this -
> > > > Block access to Ctrl-Alt-Del for Mr. Nice.
> > > > TIA
> > > > Ethan
> > > >
> > > >
> > >
> > > --
> > > PHP Database Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> > >
> >
>
