On Sep 13, 2010, at 17:49, Tim Thorburn <immor...@nwconx.net> wrote:

> On 9/13/2010 9:10 AM, Steve Staples wrote:
>> here's a silly idea...
>> put the database on his computer (or the entire app).  that way, when
>> he's *there* he is logged in.  if the computer is off, he's not there,
>> the app wont work (and the database).
>> Steve
>> On Mon, 2010-09-13 at 11:26 +0100, Richard Quadling wrote:
>>> On 12 September 2010 17:32, tedd<t...@sperling.com>  wrote:
>>>> Hi gang:
>>>> I have a client who wants his employees' access to their online business
>>>> database restricted to only times when he is logged on. (Don't ask why)
>>>> In other words, when the boss is not logged on, then his employees cannot
>>>> access the business database in any fashion whatsoever including checking 
>>>> to
>>>> see if the boss is logged on, or not. No access whatsoever!
>>>> Normally, I would just set up a field in the database and have that set to
>>>> "yes" or "no" as to if the employees could access the database, or not. But
>>>> in this case, the boss does not want even that type of access to the
>>>> database permitted. Repeat -- No access whatsoever!
>>>> I was thinking of the boss' script writing to a file that accomplished the
>>>> "yes" or "no" thing, but if the boss did not log off properly then the file
>>>> would remain in the "yes" state allowing employees undesired access. That
>>>> would not be acceptable.
>>>> So, what methods would you suggest?
>>>> Cheers,
>>>> tedd
>>> What operating system is he using?
>>> Does he (for example), log into his computer and logoff/shutdown when
>>> he goes home?
>>> If he is using Windows (and I'm sure there are many ways to achieve
>>> this), then in the Startup folder, a small PHP script which sets a
>>> flag "I'm here", would allow the DB to know he's at least logged in.
>>> There are different ways to do this.
>>> http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_21195727.html
>>> covers login/logout/startup/shutdown.
>>> Do they have a clock card system for clocking in/out the building?
>>> Could you read the database that the clockings are logged in? An odd
>>> number for the day = he's in, even = he's out, missed clocking =
>>> screwed/guess.
>>> Ideally you want to "hook" into his normal activity if you can.
>>> -- 
>>> Richard Quadling
>>> Twitter : EE : Zend
>>> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
> I'm pretty sure I'd have run for the hills after my first meeting with this 
> client, but if you're sure you want to proceed ... Beyond the options 
> mentioned, you could set it up so that the boss would log in each morning 
> with a session that times out at the end of the work day (8, 10, 12, w/e 
> hours later).  To make it even more secure, you could have the boss create 
> new logins for each employee at the start of each day.  Since yesterdays 
> passwords will no longer work, the boss will have to be there to issue new 
> passwords to whomever he deems worthy of access on this day.  These passwords 
> would of course expire at the normal leaving time, so if someone came in late 
> for a password at 4pm and work ends at 6pm, their password would only last 
> two more hours.
> All in all, I'd still grill him more about what it is he actually wants and 
> why, as all of the ideas presented thus far have at least a dozen different 
> ways things can go wrong.  Putting the app on the bosses computer sounds 
> great and all, but if he's sick or away on business suddenly no one in the 
> office is doing any work.  Or when his hdd gives out or is replaced and IT's 
> backup system wasn't as great as it could have been you'll have fun getting 
> paid to re-do everything.  Having everything require a usb stick to launch 
> sounds secure, until he loses the stick or forgets it at home one day.  For 
> fun I'd suggest tagging him with a microchip which your application will 
> constantly scan for and only activate when he's within a certain radius of 
> his desk.  Retna scans shouldn't be overlooked either. <insert Mission 
> Impossible theme here>
> May the force be with you on this one.
> -Tim

Well, if we are going down this route, many new laptops are offering some form 
of biometrics for access. If your client has one, you could potentially launch 
a script to start/ stop the db at that time. 

Or if we follow the new password suggestion, his morning login could run a 
script to reset and email all users their passwords automatically. 


Sent from my iPod

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to