Backdoors are inherently dangerous. If found out, they can be exploited to hack into your client's system.

What do you do if the client phones up and they have lost their password to access your app?

Integrate with Active Directory and you never have to worry about passwords, etc. again. Push the problem back to the client and let their IT dept sort it out themselves.

What do you do if the user has sent their database over for some fault finding and you can't access it without the client's password?

Surely, you can compile a local version of the application that does not require passwords.

What do you do when you are contracting and you want to prove you did [snip]

Source Control.

Furthermore, if you have been contracted to work as part of a team, then by virtue of your source code check-ins, you have proved that you did the work.

Otherwise, if you have been contracted to complete an application / module, outside of the team, then the delivery of the application / module is proof enough!

In any case, I think putting your name into source code is very poor practice. It is better to write good requirements and add comments rather than rely on the knowledge of the programmer. Use source control to keep an audit trail of changes.


----- Original Message -----
From: "Rohit Gupta" <[EMAIL PROTECTED]>
To: "NZ Borland Developers Group - Delphi List" <[email protected]>
Sent: Thursday, May 04, 2006 10:51 AM
Subject: Re: [DUG] In case you're interested (or buy stuff)


Really!!
What do you do if the client phones up and they have lost their password to access your app? What do you do if the user has sent their database over for some fault finding and you can't access it without the client's password?

What do you do when you are contracting and you want to prove you did the work, but the idiotic contractee keeps removing all reference to you from the code? One memorable instance of this was when I wrote a CPM clone optimised for Z80 for Sord Computers and they kept removing my name from the code. Eventually I had to invent an error message and code that looked legit. But if three specific keys were pressed simultaneously, it popped up a message saying that I wrote it.

We generally have a continuously variable master password to let us in as a legit user. There are also various environment variables, registry entries and ini file settings that allow us to maintain the system effectively.

For any of these to work, we need physical access to the machine with the app and database. We don't any remotely controlled access.

Here's an interesting point relating to Elsie4, the Bonus Bonds app. It runs on Windows but Windows has been restricted and hobbled so that you cannot do anything else but run the app. When the device is at our office, we can still get in though to change printers or apply updates etc. Is this a back door?

tracey wrote:
Your only app without a back door???
That sounds pretty scary to me.  How many other devs leave back doors???

_______________________________________________
Delphi mailing list
[email protected]
http://ns3.123.co.nz/mailman/listinfo/delphi
