At 4:05 PM -0500 9/12/10, Tamara Temple wrote:
Sounds like there are some security concerns here.
On Sep 12, 2010, at 11:32 AM, tedd wrote:
I have a client who wants his employees' access to their online
business database restricted to only times when he is logged on.
(Don't ask why)
I do wonder why, though. Perhaps this is an opportunity to educate
someone about security and privacy and web applications? Does he
feel that by being logged in, he can control every aspect of
connection to the data base? Or even be aware of every access to the
data base? What is he hoping to accomplish be being logged in? Does
he propose to actively monitor the data base transactions in real
time while he's at work? What is he hoping to avoid by requiring his
logged in state before anyone else can access the data base? Just
being logged in won't dissuade a cracker from attacking his data if
they so choose, nor will it prevent a disgruntled employee from
damaging the data while he's logged in if they have the expertise
I said "Don't ask why"
You see, people often have strange notions about "their" business or
unusual ideas about how to do things, That goes with consulting.
While many may find that odd, but some of the most revolutionary
ideas come from such unusual thinking.
For example, take a look at Henry Ford at his investigation and
research to control not only what people work on, but how they
perform their work. Without his efforts, I would think the idea of
the assembly line would have surfaced many years later by someone
else with similar ideas.
I'm sure that many people would look upon Steve Jobs and what he
expects from his employees and think that odd, but look at the
I don't pass judgement. I simply advise (based upon my limited
understanding of things) and let the client make the calls. After
all, he's the one paying the bills and he has answers for the
remainder of your questions.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php