From: Nathan Rixham on 14 Sep 2010 22:08

Daniel Brown wrote:
> On Mon, Sep 13, 2010 at 19:47, Micky Hulse <mickyhulse.lists(a)gmail.com> wrote:
>> Motion sensing camera connected to a mechanical pointer stick aimed to
>> trigger the server power button.
>>
>> On his way out of the office:
>>
>> Clap on/clap off Clapper connected to computer power cable.
>
> It would be cheaper to employ the same method used on some
> lawnmowers and required on Jet Skis and Skidoos: a cable with a clip
> worn by the rider. The rider falls off, the cable releases from the
> vehicle, disengaging the throttle and cutting the engine. The boss
> stands up, his entire infrastructure collapses, everyone's connections
> are closed, and all PCs subsequently catch fire.

I fear this is the implementation needed to make "boss" see sense, however..

> Realistically, a simple desktop-based application running in the
> system tray (presuming Windows) would send a kill signal to a
> predefined script to issue safe closing routines to the database
> first, then any other systems he wants to close out. It could even
> have simple options to poll if there's a screensaver activated, which
> would initiate the process automatically, should he choose to be
> extremely paranoid. The same could be automated to work in reverse,
> to automatically bring the systems up, when the local desktop session
> becomes active (from hibernation, logoff, or screensaver), or even
> with an override ("Pause Sessions") by right-clicking the systray
> icon.

The main problem here is in using a stateless protocol (HTTP) in a stateful manner (with sessions), it makes this, technically, impossible.

That said, you could do this in a stateless manner quite easily by giving the boss full control of granting and denying access, that way he is always accountable (with his described nature, it might be good for the buck to stop with him, rather than your code).

I'd suggest having a simple boolean flag, usersCanAccess and giving him a button to toggle the flag's state from true to false. Real life implementation could be an empty file which is `touch`ed and `unlink`ed, php implementation being an

if(file_exists('boss_man_say_okay') ){
  // let monkeys work
}

type solution.

Best,
Nathan
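
The flag-file gate suggested above, extended with an expiry so that a session which never logs off cleanly stops granting access on its own, which is the concern raised in the thread's original question. This is an added example, not part of the original post; the 120-second lease, the keep-alive renewal and the function names `renewLease` and `revokeLease` are assumptions.

```php
<?php
// Added example, not from the thread. The flag file name is the one in the
// post; LEASE_SECONDS and the function names are assumptions.
const FLAG_FILE = 'boss_man_say_okay';
const LEASE_SECONDS = 120;

// Called from the boss's authenticated session on each request or keep-alive.
function renewLease(string $flag = FLAG_FILE): bool
{
    return touch($flag);
}

// Called on explicit logout; a missing file is already the "deny" state.
function revokeLease(string $flag = FLAG_FILE): void
{
    if (file_exists($flag)) {
        unlink($flag);
    }
}

// Fail closed: access only while the flag exists AND was renewed recently.
function usersCanAccess(string $flag = FLAG_FILE, int $lease = LEASE_SECONDS, ?int $now = null): bool
{
    clearstatcache(true, $flag);      // stat results are cached per request
    $mtime = @filemtime($flag);
    if ($mtime === false) {
        return false;                 // missing or unreadable flag
    }
    $age = ($now ?? time()) - $mtime;
    return $age >= 0 && $age <= $lease; // stale or future-dated flag: deny
}

// Constructed demonstration on a temporary flag file.
$flag = tempnam(sys_get_temp_dir(), 'flag');
$now  = time();
touch($flag, $now - 30);              // renewed 30 s ago
$fresh = usersCanAccess($flag, LEASE_SECONDS, $now);
touch($flag, $now - 600);             // boss left without logging off
$stale = usersCanAccess($flag, LEASE_SECONDS, $now);
revokeLease($flag);                   // explicit logout
$revoked = usersCanAccess($flag, LEASE_SECONDS, $now);
var_dump($fresh, $stale, $revoked);
```

The employees' code path only stats a file on the web server, so it never touches the database while the lease is expired or revoked.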
From: Marc Guay on 15 Sep 2010 09:15

> if(file_exists('boss_man_say_okay') ){
>   // let monkeys work
> }

Is there an acronym for the sound of sad, knowing laughter?
From: Yousif Masoud on 15 Sep 2010 19:00

On 12/09/10 17:32, tedd wrote:
> Hi gang:
>
> I have a client who wants his employees' access to their online
> business database restricted to only times when he is logged on.
> (Don't ask why)
>
> In other words, when the boss is not logged on, then his employees
> cannot access the business database in any fashion whatsoever
> including checking to see if the boss is logged on, or not. No access
> whatsoever!
>
> Normally, I would just set up a field in the database and have that
> set to "yes" or "no" as to if the employees could access the database,
> or not. But in this case, the boss does not want even that type of
> access to the database permitted. Repeat -- No access whatsoever!
>
> I was thinking of the boss' script writing to a file that accomplished
> the "yes" or "no" thing, but if the boss did not log off properly then
> the file would remain in the "yes" state allowing employees undesired
> access. That would not be acceptable.
>
> So, what methods would you suggest?
>
> Cheers,
>
> tedd
>

Hi Tedd,

One aspect of software design to keep in mind is change. Today the customer wants everyone to have access when they are logged in. They may want that rule relaxed a little. Perhaps, employees can login when members of a certain group are logged in.

I recommend using some form of external device that instructs the system to enable/disable access to the database. Depending on the sensitivity of the data, the solution can utilize a card reader (once the boss takes the card out of the reader, database access is terminated for the company) and either a fingerprint or retinal scanner [for extra security]. If it is really sensitive data, then a retinal scanner and some form of code generator that generates one-time eight digit (at least) code to enable access to the database. The algorithm that generates the codes would be a deeply guarded secret (that would mostly be their problem -- you will need to ensure that once you sign off the project, there is no way it can be retrieved from you).

No need to shut down the database server, just instruct the firewall to block the MySQL port and/or Web server port. Might be a good idea to choose a different port than 3306 for MySQL.

What would happen if, for some reason the "boss" couldn't make it in or is on Holiday?

Good luck,
Yousif

PS. It might be a good idea to introduce them to the concept of RBAC and see what they think.
From: Matty Sarro on 15 Sep 2010 19:53

Ooooh, how about a pressure sensor on his seat??? Like the ones they have in cars to make that little airbag light illuminate.

if buttDetected{
allowAccess();
}
From: Phpster on 15 Sep 2010 20:36

Next we'll be suggesting sharks with frikking laser attached to their heads to guard the door!

Bastien