Re: [PHP] 1984 (Big Brother)

2010-09-17 Thread TR Shaw
I guess I need to chime in. Besides the fact that he is a moron - the customer 
is always right - at least as long as he is paying

OK simplest way to handle this is:

1) Set the_db ownership and permissions to 

chown theboss:employees the_db
chmod 0700 the_db

2) Attach a script to his login script that does
chmod 0770 the_db

3) Attach a script to his logout script that does
chmod 0700 the_db

Remind him that he must logout normally to lock the DB



On Sep 12, 2010, at 12:37 PM, Joshua Kehn wrote:

 Tedd-
 
 Would he consider access to another database? I.e. a separate, say memcached 
 db which stores the boss status?
 
 An issue with the temporary file would also be session length, if the session 
 expires without the user explicitly logging off, the file wouldn't be 
 removed. A way to bypass this would be to add some sort of session expiration 
 header to the file and update that.
 
 And couldn't you make a simple check if the boss is logged in or not by the 
 ability to access the database? 
 
 Regards,
 
 -Josh 
 
 Joshua Kehn | josh.k...@gmail.com
 http://joshuakehn.com
 
 On Sep 12, 2010, at 12:32 PM, tedd wrote:
 
 Hi gang:
 
 I have a client who wants his employees' access to their online business 
 database restricted to only times when he is logged on. (Don't ask why)
 
 In other words, when the boss is not logged on, then his employees cannot 
 access the business database in any fashion whatsoever including checking to 
 see if the boss is logged on, or not. No access whatsoever!
 
 Normally, I would just set up a field in the database and have that set to 
 yes or no as to if the employees could access the database, or not. But 
 in this case, the boss does not want even that type of access to the 
 database permitted. Repeat -- No access whatsoever!
 
 I was thinking of the boss' script writing to a file that accomplished the 
 yes or no thing, but if the boss did not log off properly then the file 
 would remain in the yes state allowing employees undesired access. That 
 would not be acceptable.
 
 So, what methods would you suggest?
 
 Cheers,
 
 tedd
 
 -- 
 ---
 http://sperling.com/
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
 
 
 



Re: [PHP] 1984 (Big Brother)

2010-09-17 Thread viraj

> Remind him that he must logout normally to lock the DB

if you follow the thread closely, this is a requirement. boss may not
logout properly :)

that's why all suggest mechanical ways for the job. pressure
sensors, cameras etc etc

~viraj




 On Sep 12, 2010, at 12:37 PM, Joshua Kehn wrote:

 Tedd-

 Would he consider access to another database? I.e. a separate, say memcached 
 db which stores the boss status?

 An issue with the temporary file would also be session length, if the 
 session expires without the user explicitly logging off, the file wouldn't 
 be removed. A way to bypass this would be to add some sort of session 
 expiration header to the file and update that.

 And couldn't you make a simple check if the boss is logged in or not by the 
 ability to access the database?

 Regards,

 -Josh
 
 Joshua Kehn | josh.k...@gmail.com
 http://joshuakehn.com

 On Sep 12, 2010, at 12:32 PM, tedd wrote:

 Hi gang:

 I have a client who wants his employees' access to their online business 
 database restricted to only times when he is logged on. (Don't ask why)

 In other words, when the boss is not logged on, then his employees cannot 
 access the business database in any fashion whatsoever including checking 
 to see if the boss is logged on, or not. No access whatsoever!

 Normally, I would just set up a field in the database and have that set to 
 yes or no as to if the employees could access the database, or not. But 
 in this case, the boss does not want even that type of access to the 
 database permitted. Repeat -- No access whatsoever!

 I was thinking of the boss' script writing to a file that accomplished the 
 yes or no thing, but if the boss did not log off properly then the file 
 would remain in the yes state allowing employees undesired access. That 
 would not be acceptable.

 So, what methods would you suggest?

 Cheers,

 tedd

 --
 ---
 http://sperling.com/




Re: [PHP] 1984 (Big Brother)

2010-09-15 Thread Marc Guay
> if(file_exists('boss_man_say_okay') ){ // let monkeys work }

Is there an acronym for the sound of sad, knowing laughter?




Re: [PHP] 1984 (Big Brother)

2010-09-15 Thread Yousif Masoud

On 12/09/10 17:32, tedd wrote:

> Hi gang:
>
> I have a client who wants his employees' access to their online
> business database restricted to only times when he is logged on.
> (Don't ask why)
>
> In other words, when the boss is not logged on, then his employees
> cannot access the business database in any fashion whatsoever
> including checking to see if the boss is logged on, or not. No access
> whatsoever!
>
> Normally, I would just set up a field in the database and have that
> set to yes or no as to if the employees could access the database,
> or not. But in this case, the boss does not want even that type of
> access to the database permitted. Repeat -- No access whatsoever!
>
> I was thinking of the boss' script writing to a file that accomplished
> the yes or no thing, but if the boss did not log off properly then
> the file would remain in the yes state allowing employees undesired
> access. That would not be acceptable.
>
> So, what methods would you suggest?
>
> Cheers,
>
> tedd


Hi Tedd,
One aspect of software design to keep in mind is change.  Today the 
customer wants everyone to have access when they are logged in.  They 
may want that rule relaxed a little.  Perhaps, employees can login when 
members of a certain group are logged in.


I recommend using some form of external device that instructs the system 
to enable/disable access to the database. Depending on the sensitivity 
of the data, the solution can utilize a card reader (once the boss takes 
the card out of the reader, database access is terminated for the 
company) and either a fingerprint or retinal scanner [for extra 
security].  If it is really sensitive data, then a retinal scanner and 
some form of code generator that generates one-time eight digit (at 
least) code to enable access to the database.  The algorithm that 
generates the codes would be a deeply guarded secret (that would mostly 
be their problem -- you will need to ensure that once you sign off the 
project, there is no way it can be retrieved from you).


No need to shut down the database server, just instruct the firewall to 
block the MySQL port and/or Web server port.  Might be a good idea to 
choose a different port than 3306 for MySQL.


What would happen if, for some reason the boss couldn't make it in or 
is on Holiday?


Good luck,
Yousif

PS. It might be a good idea to introduce them to the concept of RBAC and 
see what they think.







Re: [PHP] 1984 (Big Brother)

2010-09-15 Thread Matty Sarro
Ooooh, how about a pressure sensor on his seat??? Like the ones they have in
cars to make that little airbag light illuminate.

if buttDetected{
allowAccess();
}

On Wed, Sep 15, 2010 at 7:00 PM, Yousif Masoud yousif.mas...@gmail.com wrote:

 On 12/09/10 17:32, tedd wrote:

 Hi gang:

 I have a client who wants his employees' access to their online business
 database restricted to only times when he is logged on. (Don't ask why)

 In other words, when the boss is not logged on, then his employees cannot
 access the business database in any fashion whatsoever including checking to
 see if the boss is logged on, or not. No access whatsoever!

 Normally, I would just set up a field in the database and have that set to
 yes or no as to if the employees could access the database, or not. But
 in this case, the boss does not want even that type of access to the
 database permitted. Repeat -- No access whatsoever!

 I was thinking of the boss' script writing to a file that accomplished the
 yes or no thing, but if the boss did not log off properly then the file
 would remain in the yes state allowing employees undesired access. That
 would not be acceptable.

 So, what methods would you suggest?

 Cheers,

 tedd

  Hi Tedd,
 One aspect of software design to keep in mind is change.  Today the
 customer wants everyone to have access when they are logged in.  They may
 want that rule relaxed a little.  Perhaps, employees can login when members
 of a certain group are logged in.

 I recommend using some form of external device that instructs the system to
 enable/disable access to the database. Depending on the sensitivity of the
 data, the solution can utilize a card reader (once the boss takes the card
 out of the reader, database access is terminated for the company) and either
 a fingerprint or retinal scanner [for extra security].  If it is really
 sensitive data, then a retinal scanner and some form of code generator that
 generates one-time eight digit (at least) code to enable access to the
 database.  The algorithm that generates the codes would be a deeply guarded
 secret (that would mostly be their problem -- you will need to ensure that
 once you sign off the project, there is no way it can be retrieved from
 you).

 No need to shut down the database server, just instruct the firewall to
 block the MySQL port and/or Web server port.  Might be a good idea to choose
 a different port than 3306 for MySQL.

 What would happen if, for some reason the boss couldn't make it in or is
 on Holiday?

 Good luck,
 Yousif

 PS. It might be a good idea to introduce them to the concept of RBAC and
 see what they think.







Re: [PHP] 1984 (Big Brother)

2010-09-15 Thread Phpster
Next we'll be suggesting sharks with frikking lasers attached to their heads to 
guard the door!

Bastien

Sent from my iPod

On Sep 15, 2010, at 19:53, Matty Sarro msa...@gmail.com wrote:

 Ooooh, how about a pressure sensor on his seat??? Like the ones they have in
 cars to make that little airbag light illuminate.
 
 if buttDetected{
 allowAccess();
 }
 
 On Wed, Sep 15, 2010 at 7:00 PM, Yousif Masoud yousif.mas...@gmail.com wrote:
 
 On 12/09/10 17:32, tedd wrote:
 
 Hi gang:
 
 I have a client who wants his employees' access to their online business
 database restricted to only times when he is logged on. (Don't ask why)
 
 In other words, when the boss is not logged on, then his employees cannot
 access the business database in any fashion whatsoever including checking to
 see if the boss is logged on, or not. No access whatsoever!
 
 Normally, I would just set up a field in the database and have that set to
 yes or no as to if the employees could access the database, or not. But
 in this case, the boss does not want even that type of access to the
 database permitted. Repeat -- No access whatsoever!
 
 I was thinking of the boss' script writing to a file that accomplished the
 yes or no thing, but if the boss did not log off properly then the file
 would remain in the yes state allowing employees undesired access. That
 would not be acceptable.
 
 So, what methods would you suggest?
 
 Cheers,
 
 tedd
 
 Hi Tedd,
 One aspect of software design to keep in mind is change.  Today the
 customer wants everyone to have access when they are logged in.  They may
 want that rule relaxed a little.  Perhaps, employees can login when members
 of a certain group are logged in.
 
 I recommend using some form of external device that instructs the system to
 enable/disable access to the database. Depending on the sensitivity of the
 data, the solution can utilize a card reader (once the boss takes the card
 out of the reader, database access is terminated for the company) and either
 a fingerprint or retinal scanner [for extra security].  If it is really
 sensitive data, then a retinal scanner and some form of code generator that
 generates one-time eight digit (at least) code to enable access to the
 database.  The algorithm that generates the codes would be a deeply guarded
 secret (that would mostly be their problem -- you will need to ensure that
 once you sign off the project, there is no way it can be retrieved from
 you).
 
 No need to shut down the database server, just instruct the firewall to
 block the MySQL port and/or Web server port.  Might be a good idea to choose
 a different port than 3306 for MySQL.
 
 What would happen if, for some reason the boss couldn't make it in or is
 on Holiday?
 
 Good luck,
 Yousif
 
 PS. It might be a good idea to introduce them to the concept of RBAC and
 see what they think.
 
 
 



Re: [PHP] 1984 (Big Brother)

2010-09-14 Thread viraj
got another idea.. set up the database on a machine which can detect
the availability of the boss. if the boss machine is on.. and
connected to network.. the script will try to verify the availability
of the boss's ip and interface hardware address. (if the boss changes
the nic or machine, mac has to be updated manually in the script) and
starts or stops the database.

this can be done with bit of shellexec and bit of shellscripting, if
on linux with 'arp' (all employees and boss have to be in same subnet i
guess.. )

~viraj

On Tue, Sep 14, 2010 at 7:17 AM, Andy McKenzie amckenz...@gmail.com wrote:
 On Mon, Sep 13, 2010 at 8:11 PM, Micky Hulse mickyhulse.li...@gmail.com 
 wrote:
 On Mon, Sep 13, 2010 at 5:05 PM, Daniel Brown danbr...@php.net wrote:
    It would be cheaper to employ the same method used on some
 lawnmowers and required on Jet Skis and Skidoos: a cable with a clip
 worn by the rider.  The rider falls off, the cable releases from the
 vehicle, disengaging the throttle and cutting the engine.  The boss
 stands up, his entire infrastructure collapses, everyone's connections
 are closed, and all PCs subsequently catch fire.

 Lol! That would make a great Dilbert and/or Farside cartoon. :)


 It would, wouldn't it?

 Anyway.  Something you could do is a script that turns mysqld on and
 off:  set him up with an SSH connection to the server, and he can run
 the script when he gets in to turn it on, and run it again whenever he
 leaves to turn it off.  A cron job to turn mysqld off at whatever time
 he usually leaves would probably be a reasonable failsafe.  If he
 really wants you could probably link it to a swipe card system or just
 a keyboard on his desk (enter your PIN to turn it on, enter it again
 to turn it off).

 All that aside, I can't help feeling that this has gotten into I'm
 afraid you know too much for us to let you leave:  Guards!  Take him
 away! territory.

 -Alex




Re: [PHP] 1984 (Big Brother)

2010-09-14 Thread viraj
On Tue, Sep 14, 2010 at 12:25 PM, viraj kali...@gmail.com wrote:
 got another idea.. setup the database on a machine which can detect
 the availability of the boss. if the boss machine is on.. and
 connected to network.. the script will try to verify the availability
 of the bosses's ip and interface hardware address. (if the boss change
 the nic or machine, mac has to be updated manually in the script) and
 starts or stops the database.

 this can be done with bit of shellexec and bit of shellscripting, if
 on linux with 'arp' (all employees and boss has to be in same subnet i
 guess.. )

and yeah, the script has to be run at some reasonable time interval using a cron

~viraj


 ~viraj

 On Tue, Sep 14, 2010 at 7:17 AM, Andy McKenzie amckenz...@gmail.com wrote:
 On Mon, Sep 13, 2010 at 8:11 PM, Micky Hulse mickyhulse.li...@gmail.com 
 wrote:
 On Mon, Sep 13, 2010 at 5:05 PM, Daniel Brown danbr...@php.net wrote:
    It would be cheaper to employ the same method used on some
 lawnmowers and required on Jet Skis and Skidoos: a cable with a clip
 worn by the rider.  The rider falls off, the cable releases from the
 vehicle, disengaging the throttle and cutting the engine.  The boss
 stands up, his entire infrastructure collapses, everyone's connections
 are closed, and all PCs subsequently catch fire.

 Lol! That would make a great Dilbert and/or Farside cartoon. :)


 It would, wouldn't it?

 Anyway.  Something you could do is a script that turns mysqld on and
 off:  set him up with an SSH connection to the server, and he can run
 the script when he gets in to turn it on, and run it again whenever he
 leaves to turn it off.  A cron job to turn mysqld off at whatever time
 he usually leaves would probably be a reasonable failsafe.  If he
 really wants you could probably link it to a swipe card system or just
 a keyboard on his desk (enter your PIN to turn it on, enter it again
 to turn it off).

 All that aside, I can't help feeling that this has gotten into I'm
 afraid you know too much for us to let you leave:  Guards!  Take him
 away! territory.

 -Alex




Re: [PHP] 1984 (Big Brother)

2010-09-14 Thread tedd

At 8:05 PM -0400 9/13/10, Daniel Brown wrote:

> The boss stands up, his entire infrastructure collapses, everyone's
> connections are closed, and all PCs subsequently catch fire.


LOL

Sounds good to me.

After that happens a couple of times, maybe things will change. If 
it's the private sector, they investigate and find a better solution. 
If it's the public sector, they will probably require water based 
fire extinguishers.


Cheers,

tedd

--
---
http://sperling.com/




Re: [PHP] 1984 (Big Brother)

2010-09-14 Thread Nathan Rixham

Daniel Brown wrote:

> On Mon, Sep 13, 2010 at 19:47, Micky Hulse mickyhulse.li...@gmail.com wrote:
>
>> Motion sensing camera connected to a mechanical pointer stick aimed to
>> trigger the server power button.
>>
>> On his way out of the office:
>>
>> Clap on/clap off Clapper connected to computer power cable.
>
> It would be cheaper to employ the same method used on some
> lawnmowers and required on Jet Skis and Skidoos: a cable with a clip
> worn by the rider.  The rider falls off, the cable releases from the
> vehicle, disengaging the throttle and cutting the engine.  The boss
> stands up, his entire infrastructure collapses, everyone's connections
> are closed, and all PCs subsequently catch fire.

I fear this is the implementation needed to make boss see sense, however..

> Realistically, a simple desktop-based application running in the
> system tray (presuming Windows) would send a kill signal to a
> predefined script to issue safe closing routines to the database
> first, then any other systems he wants to close out.  It could even
> have simple options to poll if there's a screensaver activated, which
> would initiate the process automatically, should he choose to be
> extremely paranoid.  The same could be automated to work in reverse,
> to automatically bring the systems up, when the local desktop session
> becomes active (from hibernation, logoff, or screensaver), or even
> with an override (Pause Sessions) by right-clicking the systray
> icon.


The main problem here is in using a stateless protocol (HTTP) in a 
stateful manner (with sessions), it makes this, technically, impossible. 
That said, you could do this in a stateless manner quite easily by 
giving the boss full control of granting and denying access, that way he 
is always accountable (with his described nature, it might be good for 
the buck to stop with him, rather than your code). I'd suggest having a 
simple boolean flag, usersCanAccess and giving him a button to toggle 
the flags state from true to false. Real life implementation could be an 
empty file which is `touch`ed and `unlink`ed, php implementation being 
an if(file_exists('boss_man_say_okay') ){ // let monkeys work } type 
solution.


Best,

Nathan
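
The flag file above stays in the "yes" state if the boss never removes it, which is the failure tedd's original post rules out. The shell functions below are an added illustration, not code posted by anyone on the list: they replace the bare flag with a lease that carries its own expiry (Joshua Kehn's suggestion) and let a cron-driven `reconcile` apply TR Shaw's 0770/0700 modes, so a missed logout closes access by itself. `LEASE_TTL`, the lease path and all function names are assumptions.

```shell
#!/bin/sh
# Added illustration, not code posted on the list. "the_db" and the 0700/0770
# modes come from the thread; LEASE_TTL, the lease path and every function
# name are assumptions. Run all of it on the database host so that one clock
# is used, and keep the lease in a directory only the boss account can write.

LEASE_TTL=${LEASE_TTL:-120}   # seconds one heartbeat stays valid (assumed)

# Boss side: call at login and then every minute while his session is alive.
# The expiry time (epoch seconds) is written to a temp file and renamed into
# place, so a reader never sees a half-written lease.
renew_lease() {               # usage: renew_lease LEASE_FILE NOW
    lease=$1
    now=$2
    tmp="$lease.$$"
    ( umask 077; printf '%s\n' "$((now + LEASE_TTL))" > "$tmp" ) &&
        mv -f "$tmp" "$lease"
}

# Clean logout: drop the lease at once instead of waiting for it to expire.
release_lease() {             # usage: release_lease LEASE_FILE
    rm -f -- "$1"
}

# Succeeds only for a well-formed lease that has not expired and does not
# reach further ahead than one TTL. Missing, empty, non-numeric, stale or
# far-future leases are all treated as "boss is not here".
lease_valid() {               # usage: lease_valid LEASE_FILE NOW
    lease=$1
    now=$2
    [ -f "$lease" ] || return 1
    IFS= read -r expiry < "$lease" || return 1
    case $expiry in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$now" -lt "$expiry" ] && [ "$expiry" -le "$((now + LEASE_TTL))" ]
}

# Server side, run from cron every minute, e.g. with NOW="$(date +%s)".
# The mode of the_db follows the lease, so a missed logout closes access
# after at most LEASE_TTL seconds plus one cron interval.
reconcile() {                 # usage: reconcile LEASE_FILE DB_PATH NOW
    if lease_valid "$1" "$3"; then
        chmod 0770 "$2"       # boss present: group "employees" may enter
    else
        chmod 0700 "$2"       # anything else: owner only
    fi
}

# Helper for checking the result: prints the mode string, e.g. -rwx------
db_mode() {                   # usage: db_mode DB_PATH
    ls -ld "$1" | cut -c1-10
}
```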




Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread kranthi
i m not sure if i understood your question completely.
by database you mean something like phpmyadmin, right ?

i would save the latest session id of the boss in a file, and every
time an employee tries to log in, verify the time stamp of the session
file in the tmp folder.
and if the boss logs out... clear off the tmp folder to ensure that
the employees don't have further access.




Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread Richard Quadling
On 12 September 2010 17:32, tedd t...@sperling.com wrote:
 Hi gang:

 I have a client who wants his employees' access to their online business
 database restricted to only times when he is logged on. (Don't ask why)

 In other words, when the boss is not logged on, then his employees cannot
 access the business database in any fashion whatsoever including checking to
 see if the boss is logged on, or not. No access whatsoever!

 Normally, I would just set up a field in the database and have that set to
 yes or no as to if the employees could access the database, or not. But
 in this case, the boss does not want even that type of access to the
 database permitted. Repeat -- No access whatsoever!

 I was thinking of the boss' script writing to a file that accomplished the
 yes or no thing, but if the boss did not log off properly then the file
 would remain in the yes state allowing employees undesired access. That
 would not be acceptable.

 So, what methods would you suggest?

 Cheers,

 tedd

What operating system is he using?

Does he (for example), log into his computer and logoff/shutdown when
he goes home?

If he is using Windows (and I'm sure there are many ways to achieve
this), then in the Startup folder, a small PHP script which sets a
flag I'm here, would allow the DB to know he's at least logged in.

There are different ways to do this.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_21195727.html
covers login/logout/startup/shutdown.


Do they have a clock card system for clocking in/out the building?
Could you read the database that the clockings are logged in? An odd
number for the day = he's in, even = he's out, missed clocking =
screwed/guess.

Ideally you want to hook into his normal activity if you can.



-- 
Richard Quadling
Twitter : EE : Zend
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY




Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread Steve Staples
here's a silly idea...

put the database on his computer (or the entire app).  that way, when
he's *there* he is logged in.  if the computer is off, he's not there,
the app won't work (and the database).

Steve



On Mon, 2010-09-13 at 11:26 +0100, Richard Quadling wrote:
 On 12 September 2010 17:32, tedd t...@sperling.com wrote:
  Hi gang:
 
  I have a client who wants his employees' access to their online business
  database restricted to only times when he is logged on. (Don't ask why)
 
  In other words, when the boss is not logged on, then his employees cannot
  access the business database in any fashion whatsoever including checking to
  see if the boss is logged on, or not. No access whatsoever!
 
  Normally, I would just set up a field in the database and have that set to
  yes or no as to if the employees could access the database, or not. But
  in this case, the boss does not want even that type of access to the
  database permitted. Repeat -- No access whatsoever!
 
  I was thinking of the boss' script writing to a file that accomplished the
  yes or no thing, but if the boss did not log off properly then the file
  would remain in the yes state allowing employees undesired access. That
  would not be acceptable.
 
  So, what methods would you suggest?
 
  Cheers,
 
  tedd
 
 What operating system is he using?
 
 Does he (for example), log into his computer and logoff/shutdown when
 he goes home?
 
 If he is using Windows (and I'm sure there are many ways to achieve
 this), then in the Startup folder, a small PHP script which sets a
 flag I'm here, would allow the DB to know he's at least logged in.
 
 There are different ways to do this.
 http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_21195727.html
 covers login/logout/startup/shutdown.
 
 
 Do they have a clock card system for clocking in/out the building?
 Could you read the database that the clockings are logged in? An odd
 number for the day = he's in, even = he's out, missed clocking =
 screwed/guess.
 
 Ideally you want to hook into his normal activity if you can.
 
 
 
 -- 
 Richard Quadling
 Twitter : EE : Zend
 @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
 






Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread Ashley Sheridan
On Mon, 2010-09-13 at 09:10 -0400, Steve Staples wrote:

 here's a silly idea...
 
 put the database on his computer (or the entire app).  that way, when
 he's *there* he is logged in.  if the computer is off, he's not there,
 the app wont work (and the database).
 
 Steve
 
 
 
 On Mon, 2010-09-13 at 11:26 +0100, Richard Quadling wrote:
  On 12 September 2010 17:32, tedd t...@sperling.com wrote:
   Hi gang:
  
   I have a client who wants his employees' access to their online business
   database restricted to only times when he is logged on. (Don't ask why)
  
   In other words, when the boss is not logged on, then his employees cannot
   access the business database in any fashion whatsoever including checking 
   to
   see if the boss is logged on, or not. No access whatsoever!
  
   Normally, I would just set up a field in the database and have that set to
   yes or no as to if the employees could access the database, or not. 
   But
   in this case, the boss does not want even that type of access to the
   database permitted. Repeat -- No access whatsoever!
  
   I was thinking of the boss' script writing to a file that accomplished the
   yes or no thing, but if the boss did not log off properly then the 
   file
   would remain in the yes state allowing employees undesired access. That
   would not be acceptable.
  
   So, what methods would you suggest?
  
   Cheers,
  
   tedd
  
  What operating system is he using?
  
  Does he (for example), log into his computer and logoff/shutdown when
  he goes home?
  
  If he is using Windows (and I'm sure there are many ways to achieve
  this), then in the Startup folder, a small PHP script which sets a
  flag I'm here, would allow the DB to know he's at least logged in.
  
  There are different ways to do this.
  http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_21195727.html
  covers login/logout/startup/shutdown.
  
  
  Do they have a clock card system for clocking in/out the building?
  Could you read the database that the clockings are logged in? An odd
  number for the day = he's in, even = he's out, missed clocking =
  screwed/guess.
  
  Ideally you want to hook into his normal activity if you can.
  
  
  
  -- 
  Richard Quadling
  Twitter : EE : Zend
  @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
  
 
 
 


That's a genius idea!

Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread tedd

At 9:10 AM -0400 9/13/10, Steve Staples wrote:

> here's a silly idea...
>
> put the database on his computer (or the entire app).  that way, when
> he's *there* he is logged in.  if the computer is off, he's not there,
> the app wont work (and the database).
>
> Steve


Silly or not, that *would* work.

Now I have to figure out how to do that.

Thanks,

tedd

--
---
http://sperling.com/




Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread tedd

At 11:55 PM -0400 9/12/10, Paul M Foster wrote:

> I hate to seem flippant, but here would be my conversation with this
> customer:
>
> Customer: My employees got access to the database while I was gone
> yesterday!
>
> Consultant: Well, let's see. Oh, it appears you didn't properly log
> out.
>
> Customer: Yes, but I was *gone*. They weren't supposed to be able to
> access the database unless I'm *here*.
>
> Consultant: The only way we know that is if you log in and log out
> properly. Now, if you like, we can put a nanny-cam in your office, and
> whenever you're not there (like in the bathroom), the whole thing shuts
> down. That will cost $x. Your choice. We've been working on the
> mind-reading extension to PHP, but it's not finished yet.


Customer: Thanks for your opinion. We'll be in touch.

Customer to his secretary: Let's find someone who knows how to do this.

Cheers,

tedd

--
---
http://sperling.com/




RE: [PHP] 1984 (Big Brother)

2010-09-13 Thread Bob McConnell
From: tedd

> At 9:10 AM -0400 9/13/10, Steve Staples wrote:
>> here's a silly idea...
>>
>> put the database on his computer (or the entire app).  that way, when
>> he's *there* he is logged in.  if the computer is off, he's not there,
>> the app wont work (and the database).
>
> Silly or not, that *would* work.
>
> Now I have to figure out how to do that.

This may be the only way to do it, but it shouldn't be too hard to
figure out. If he turns off the computer every time he leaves his desk,
it can be installed anywhere, even as a service. But if he leaves the
computer on, it has to be on his desktop, probably with an entry in his
Start directory to start it when he logs in. But he has to actually log
out of the desktop to block access, not just leave it in the screen
saver.

Bob McConnell




RE: [PHP] 1984 (Big Brother)

2010-09-13 Thread Bob McConnell
From: tedd

> At 11:55 PM -0400 9/12/10, Paul M Foster wrote:
>
>> I hate to seem flippant, but here would be my conversation with this
>> customer:
>>
>> Customer: My employees got access to the database while I was gone
>> yesterday!
>>
>> Consultant: Well, let's see. Oh, it appears you didn't properly log
>> out.
>>
>> Customer: Yes, but I was *gone*. They weren't supposed to be able to
>> access the database unless I'm *here*.
>>
>> Consultant: The only way we know that is if you log in and log out
>> properly. Now, if you like, we can put a nanny-cam in your office, and
>> whenever you're not there (like in the bathroom), the whole thing shuts
>> down. That will cost $x. Your choice. We've been working on the
>> mind-reading extension to PHP, but it's not finished yet.
>
> Customer: Thanks for your opinion. We'll be in touch.
>
> Customer to his secretary: Let's find someone who knows how to do this.

Anybody that tells him it can be done is lying through their teeth and
will just be stealing his money. He probably deserves what he gets in
this case.

Bob McConnell




Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread viraj
hi tedd,
if steve's idea is something doable.. why don't you consider setting
up the mysql data dir on some removable media (thumb/flash drive)?

so the boss can pull it off if he is going home. and it's easy to
detect this in code and display a message to system users, something
similar to that 'mysql server has gone away' message. (boss has gone
away) :)

~viraj

On Mon, Sep 13, 2010 at 7:13 PM, Bob McConnell r...@cbord.com wrote:
 From: tedd

 At 9:10 AM -0400 9/13/10, Steve Staples wrote:
here's a silly idea...

put the database on his computer (or the entire app).  that way, when
he's *there* he is logged in.  if the computer is off, he's not there,
the app won't work (and the database).

 Silly or not, that *would* work.

 Now I have to figure out how to do that.

 This may be the only way to do it, but it shouldn't be too hard to
 figure out. If he turns off the computer every time he leaves his desk,
 it can be installed anywhere, even as a service. But if he leaves the
 computer on, it has to be on his desktop, probably with an entry in his
 Start directory to start it when he logs in. But he has to actually log
 out of the desktop to block access, not just leave it in the screen
 saver.

 Bob McConnell







Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread Marc Guay
 if steve's idea is something doable.. why don't you consider setting
 up the mysql data dir on some removable media (thumb/flash drive)?

It seems to me that almost no matter what method you choose, you're
going to have to ask the client to do something manually - whether
that's logging out of the website, shutting down his computer,
removing a thumb drive, or whatever - so you might as well be upfront
about that and see how he responds.  Provide the different options and
get them to choose one, at some point they'll need to take a bit of
personal responsibility for the management of this paranoid system.

Marc




Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread tedd

At 12:39 PM -0400 9/13/10, Marc Guay wrote:
>> if steve's idea is something doable.. why don't you consider setting
>> up the mysql data dir on some removable media (thumb/flash drive)?
>
> It seems to me that almost no matter what method you choose, you're
> going to have to ask the client to do something manually - whether
> that's logging out of the website, shutting down his computer,
> removing a thumb drive, or whatever - so you might as well be upfront
> about that and see how he responds.  Provide the different options and
> get them to choose one, at some point they'll need to take a bit of
> personal responsibility for the management of this paranoid system.
>
> Marc


Marc:

What everyone has suggested, I have done. But the decision remains 
the client's.


When I get rich enough to hire myself, then I'll tell myself what to 
do. Until then, I'm just a worker bee and follow the hive.


Cheers,

tedd
--
---
http://sperling.com/




Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread Paul M Foster
On Mon, Sep 13, 2010 at 12:47:24PM -0400, tedd wrote:

snip

 When I get rich enough to hire myself, then I'll tell myself what to
 do. Until then, I'm just a worker bee and follow the hive.

Oh, heck, you don't have to wait that long. We'll tell you what to do
for *free*! ;-}

Paul

-- 
Paul M. Foster




RE: [PHP] 1984 (Big Brother)

2010-09-13 Thread Daevid Vincent
 

 -Original Message-
 From: tedd [mailto:t...@sperling.com] 
 Sent: Sunday, September 12, 2010 9:32 AM
 To: PHP-General list
 Subject: [PHP] 1984 (Big Brother)
 
 Hi gang:
 
 I have a client who wants his employees' access to their online 
 business database restricted to only times when he is logged on. 
 (Don't ask why)
 
 In other words, when the boss is not logged on, then his employees 
 cannot access the business database in any fashion whatsoever 
 including checking to see if the boss is logged on, or not. No access 
 whatsoever!
 
 Normally, I would just set up a field in the database and have that 
 set to yes or no as to if the employees could access the 
 database, or not. But in this case, the boss does not want even that 
 type of access to the database permitted. Repeat -- No access 
 whatsoever!
 
 I was thinking of the boss' script writing to a file that 
 accomplished the yes or no thing, but if the boss did not log off 
 properly then the file would remain in the yes state allowing 
 employees undesired access. That would not be acceptable.
 
 So, what methods would you suggest?
 
 Cheers,
 
 tedd

You sure know how to pick'em Tedd. 

This is the second whacky client you've posted about on the list...

This guy sounds like a real control-freak (read: tool).

One other thing I'll throw out is the use of a crontab to start/stop mysql
during boss's hours. I don't have a complete solution for you as I just
don't care enough about helping this Dbag lord over his employees like
that, but I suspect you could have /etc/init.d/mysql start or stop at
some pre-determined times like 8am - noon. Then noon till 5pm. Or
something.

RDBMS are not really designed to be turned on and off like that.

Another option is to maybe use M$ Access instead (which does have a
multi-user mode). Use ODBC to connect via PHP to it. So then he would start
up the DB when he likes and shut it down when he likes. (note that a logout
of Windows will NOT prevent the ODBC connection as it is a service -- as
God intended RDBMS to be)
http://www.configure-all.com/php_access.php

This guy is making me angry just thinking about it!

d





Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread chris h
On Mon, Sep 13, 2010 at 5:09 PM, Daevid Vincent dae...@daevid.com wrote:



  -Original Message-
  From: tedd [mailto:t...@sperling.com]
  Sent: Sunday, September 12, 2010 9:32 AM
  To: PHP-General list
  Subject: [PHP] 1984 (Big Brother)
 
  Hi gang:
 
  I have a client who wants his employees' access to their online
  business database restricted to only times when he is logged on.
  (Don't ask why)
 
  In other words, when the boss is not logged on, then his employees
  cannot access the business database in any fashion whatsoever
  including checking to see if the boss is logged on, or not. No access
  whatsoever!
 
  Normally, I would just set up a field in the database and have that
  set to yes or no as to if the employees could access the
  database, or not. But in this case, the boss does not want even that
  type of access to the database permitted. Repeat -- No access
  whatsoever!
 
  I was thinking of the boss' script writing to a file that
  accomplished the yes or no thing, but if the boss did not log off
  properly then the file would remain in the yes state allowing
  employees undesired access. That would not be acceptable.
 
  So, what methods would you suggest?
 
  Cheers,
 
  tedd

 You sure know how to pick'em Tedd.

 This is the second whacky client you've posted about on the list...

 This guy sounds like a real control-freak (read: tool).

 One other thing I'll throw out is the use of a crontab to start/stop mysql
 during boss's hours. I don't have a complete solution for you as I just
 don't care enough about helping this Dbag lord over his employees like
 that, but I suspect you could have /etc/init.d/mysql start or stop at
 some pre-determined times like 8am - noon. Then noon till 5pm. Or
 something.

 RDBMS are not really designed to be turned on and off like that.

 Another option is to maybe use M$ Access instead (which does have a
 multi-user mode). Use ODBC to connect via PHP to it. So then he would start
 up the DB when he likes and shut it down when he likes. (note that a logout
 of Windows will NOT prevent the ODBC connection as it is a service -- as
 God intended RDBMS to be)
 http://www.configure-all.com/php_access.php

 This guy is making me angry just thinking about it!

 d



Yes I've been following this post purely in the hope that someone gets Tedd
to explain the client's logic on this one.  It's one thing for a layman to
have this kind of requirement, but another entirely for them to STILL have
it after an explanation.  I mean part of consulting is to tell the client
when they're wrong, for someone to not heed that when they are paying for
the advice is mind boggling. *sigh* if only everyone were perfect like me...
 :p

Hey let's pay someone to consult us on a subject that we're ignorant of.
Great idea! And when he makes a suggestion we can totally ignore him! SQL -
Shmeequal


Rant aside; I would defer the logistics to the client.  He wants the DB to
shut down when he's not in the office? Ok no problem - not what it was
designed to do, but no problem!

How would you like the system to be aware of whether or not you're in the
office? It can assume you are between these hours; You can log into a screen
that unlocks it, but then you have to log out; we can put a motion detector
in your office; ... etc.

This would put the consequences of the system off on the client. Because if
this system works then there will be consequences and you'll look like a
jerk  :-)

Btw, are there no cron / batch jobs that need to run over night?



Chris


[PHP] Re: [!! SPAM] Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread Tim Thorburn

On 9/13/2010 9:10 AM, Steve Staples wrote:
> here's a silly idea...
>
> put the database on his computer (or the entire app).  that way, when
> he's *there* he is logged in.  if the computer is off, he's not there,
> the app won't work (and the database).
>
> Steve
>
> On Mon, 2010-09-13 at 11:26 +0100, Richard Quadling wrote:
>> On 12 September 2010 17:32, tedd t...@sperling.com wrote:
>>> Hi gang:
>>>
>>> I have a client who wants his employees' access to their online business
>>> database restricted to only times when he is logged on. (Don't ask why)
>>>
>>> In other words, when the boss is not logged on, then his employees cannot
>>> access the business database in any fashion whatsoever including checking to
>>> see if the boss is logged on, or not. No access whatsoever!
>>>
>>> Normally, I would just set up a field in the database and have that set to
>>> yes or no as to if the employees could access the database, or not. But
>>> in this case, the boss does not want even that type of access to the
>>> database permitted. Repeat -- No access whatsoever!
>>>
>>> I was thinking of the boss' script writing to a file that accomplished the
>>> yes or no thing, but if the boss did not log off properly then the file
>>> would remain in the yes state allowing employees undesired access. That
>>> would not be acceptable.
>>>
>>> So, what methods would you suggest?
>>>
>>> Cheers,
>>>
>>> tedd
>>
>> What operating system is he using?
>>
>> Does he (for example), log into his computer and logoff/shutdown when
>> he goes home?
>>
>> If he is using Windows (and I'm sure there are many ways to achieve
>> this), then in the Startup folder, a small PHP script which sets a
>> flag "I'm here", would allow the DB to know he's at least logged in.
>>
>> There are different ways to do this.
>> http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_21195727.html
>> covers login/logout/startup/shutdown.
>>
>> Do they have a clock card system for clocking in/out the building?
>> Could you read the database that the clockings are logged in? An odd
>> number for the day = he's in, even = he's out, missed clocking =
>> screwed/guess.
>>
>> Ideally you want to hook into his normal activity if you can.
>>
>> --
>> Richard Quadling
>> Twitter : EE : Zend
>> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY




I'm pretty sure I'd have run for the hills after my first meeting with 
this client, but if you're sure you want to proceed ... Beyond the 
options mentioned, you could set it up so that the boss would log in 
each morning with a session that times out at the end of the work day 
(8, 10, 12, w/e hours later).  To make it even more secure, you could 
have the boss create new logins for each employee at the start of each 
day.  Since yesterday's passwords will no longer work, the boss will have 
to be there to issue new passwords to whomever he deems worthy of access 
on this day.  These passwords would of course expire at the normal 
leaving time, so if someone came in late for a password at 4pm and work 
ends at 6pm, their password would only last two more hours.


All in all, I'd still grill him more about what it is he actually wants 
and why, as all of the ideas presented thus far have at least a dozen 
different ways things can go wrong.  Putting the app on the boss's 
computer sounds great and all, but if he's sick or away on business 
suddenly no one in the office is doing any work.  Or when his hdd gives 
out or is replaced and IT's backup system wasn't as great as it could 
have been you'll have fun getting paid to re-do everything.  Having 
everything require a usb stick to launch sounds secure, until he loses 
the stick or forgets it at home one day.  For fun I'd suggest tagging 
him with a microchip which your application will constantly scan for and 
only activate when he's within a certain radius of his desk.  Retina 
scans shouldn't be overlooked either. insert Mission Impossible theme here


May the force be with you on this one.

-Tim


Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread Daevid Vincent
 have been you'll have fun getting paid to re-do everything.  Having 
 everything require a usb stick to launch sounds secure, until 
 he loses 
 the stick or forgets it at home one day.  For fun I'd suggest tagging 

...or pulls it out before all the writes have taken place from the cache or
mysql's DELAYED WRITES and so the DB is corrupt or lost integrity.

*sigh*





Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread Micky Hulse
On Mon, Sep 13, 2010 at 2:43 PM, chris h chris...@gmail.com wrote:
 How would you like the system to be aware of whether or not you're in the
 office?

On his way in to the office:

Motion sensing camera connected to a mechanical pointer stick aimed to
trigger the server power button.

On his way out of the office:

Clap on/clap off Clapper connected to computer power cable.

:D




Re: [PHP] Re: [!! SPAM] Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread Phpster


On Sep 13, 2010, at 17:49, Tim Thorburn immor...@nwconx.net wrote:

 On 9/13/2010 9:10 AM, Steve Staples wrote:
 here's a silly idea...
 
 put the database on his computer (or the entire app).  that way, when
 he's *there* he is logged in.  if the computer is off, he's not there,
 the app won't work (and the database).
 
 Steve
 
 
 
 On Mon, 2010-09-13 at 11:26 +0100, Richard Quadling wrote:
 On 12 September 2010 17:32, teddt...@sperling.com  wrote:
 Hi gang:
 
 I have a client who wants his employees' access to their online business
 database restricted to only times when he is logged on. (Don't ask why)
 
 In other words, when the boss is not logged on, then his employees cannot
 access the business database in any fashion whatsoever including checking 
 to
 see if the boss is logged on, or not. No access whatsoever!
 
 Normally, I would just set up a field in the database and have that set to
 yes or no as to if the employees could access the database, or not. But
 in this case, the boss does not want even that type of access to the
 database permitted. Repeat -- No access whatsoever!
 
 I was thinking of the boss' script writing to a file that accomplished the
 yes or no thing, but if the boss did not log off properly then the file
 would remain in the yes state allowing employees undesired access. That
 would not be acceptable.
 
 So, what methods would you suggest?
 
 Cheers,
 
 tedd
 What operating system is he using?
 
 Does he (for example), log into his computer and logoff/shutdown when
 he goes home?
 
 If he is using Windows (and I'm sure there are many ways to achieve
 this), then in the Startup folder, a small PHP script which sets a
 flag "I'm here", would allow the DB to know he's at least logged in.
 
 There are different ways to do this.
 http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_21195727.html
 covers login/logout/startup/shutdown.
 
 
 Do they have a clock card system for clocking in/out the building?
 Could you read the database that the clockings are logged in? An odd
 number for the day = he's in, even = he's out, missed clocking =
 screwed/guess.
 
 Ideally you want to hook into his normal activity if you can.
 
 
 
 -- 
 Richard Quadling
 Twitter : EE : Zend
 @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
 
 
 
 I'm pretty sure I'd have run for the hills after my first meeting with this 
 client, but if you're sure you want to proceed ... Beyond the options 
 mentioned, you could set it up so that the boss would log in each morning 
 with a session that times out at the end of the work day (8, 10, 12, w/e 
 hours later).  To make it even more secure, you could have the boss create 
 new logins for each employee at the start of each day.  Since yesterday's 
 passwords will no longer work, the boss will have to be there to issue new 
 passwords to whomever he deems worthy of access on this day.  These passwords 
 would of course expire at the normal leaving time, so if someone came in late 
 for a password at 4pm and work ends at 6pm, their password would only last 
 two more hours.
 
 All in all, I'd still grill him more about what it is he actually wants and 
 why, as all of the ideas presented thus far have at least a dozen different 
 ways things can go wrong.  Putting the app on the boss's computer sounds 
 great and all, but if he's sick or away on business suddenly no one in the 
 office is doing any work.  Or when his hdd gives out or is replaced and IT's 
 backup system wasn't as great as it could have been you'll have fun getting 
 paid to re-do everything.  Having everything require a usb stick to launch 
 sounds secure, until he loses the stick or forgets it at home one day.  For 
 fun I'd suggest tagging him with a microchip which your application will 
 constantly scan for and only activate when he's within a certain radius of 
 his desk.  Retina scans shouldn't be overlooked either. insert Mission 
 Impossible theme here
 
 May the force be with you on this one.
 
 -Tim

Well, if we are going down this route, many new laptops are offering some form 
of biometrics for access. If your client has one, you could potentially launch 
a script to start/ stop the db at that time. 

Or if we follow the new password suggestion, his morning login could run a 
script to reset and email all users their passwords automatically. 

Bastien

Sent from my iPod






Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread Daniel Brown
On Mon, Sep 13, 2010 at 19:47, Micky Hulse mickyhulse.li...@gmail.com wrote:

 Motion sensing camera connected to a mechanical pointer stick aimed to
 trigger the server power button.

 On his way out of the office:

 Clap on/clap off Clapper connected to computer power cable.

It would be cheaper to employ the same method used on some
lawnmowers and required on Jet Skis and Skidoos: a cable with a clip
worn by the rider.  The rider falls off, the cable releases from the
vehicle, disengaging the throttle and cutting the engine.  The boss
stands up, his entire infrastructure collapses, everyone's connections
are closed, and all PCs subsequently catch fire.

Realistically, a simple desktop-based application running in the
system tray (presuming Windows) would send a kill signal to a
predefined script to issue safe closing routines to the database
first, then any other systems he wants to close out.  It could even
have simple options to poll if there's a screensaver activated, which
would initiate the process automatically, should he choose to be
extremely paranoid.  The same could be automated to work in reverse,
to automatically bring the systems up, when the local desktop session
becomes active (from hibernation, logoff, or screensaver), or even
with an override (Pause Sessions) by right-clicking the systray
icon.

It's no surprise to several here that I'm not a big fan of
Windows but I do still like to stay on top of programming
languages, and at least give each one a try.  Something of interest to
no one: my first full-production, open-source project that included
PHP was actually a combination of a PHP server-side script and Windows
client script, written in VB, back in 2000.  It was named phpCourier,
and was used as a client-server CMS for simple news postings (before
blog became a catchphrase).  It was downloaded a few thousand times,
and then I quit hosting it.  I may actually have that server with
those files and a bunch of other old projects in my basement.  Now I'm
suddenly interested in unpacking and organizing everything.

-- 
/Daniel P. Brown
Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/




Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread Micky Hulse
On Mon, Sep 13, 2010 at 5:05 PM, Daniel Brown danbr...@php.net wrote:
    It would be cheaper to employ the same method used on some
 lawnmowers and required on Jet Skis and Skidoos: a cable with a clip
 worn by the rider.  The rider falls off, the cable releases from the
 vehicle, disengaging the throttle and cutting the engine.  The boss
 stands up, his entire infrastructure collapses, everyone's connections
 are closed, and all PCs subsequently catch fire.

Lol! That would make a great Dilbert and/or Farside cartoon. :)




Re: [PHP] 1984 (Big Brother)

2010-09-13 Thread Andy McKenzie
On Mon, Sep 13, 2010 at 8:11 PM, Micky Hulse mickyhulse.li...@gmail.com wrote:
 On Mon, Sep 13, 2010 at 5:05 PM, Daniel Brown danbr...@php.net wrote:
    It would be cheaper to employ the same method used on some
 lawnmowers and required on Jet Skis and Skidoos: a cable with a clip
 worn by the rider.  The rider falls off, the cable releases from the
 vehicle, disengaging the throttle and cutting the engine.  The boss
 stands up, his entire infrastructure collapses, everyone's connections
 are closed, and all PCs subsequently catch fire.

 Lol! That would make a great Dilbert and/or Farside cartoon. :)


It would, wouldn't it?

Anyway.  Something you could do is a script that turns mysqld on and
off:  set him up with an SSH connection to the server, and he can run
the script when he gets in to turn it on, and run it again whenever he
leaves to turn it off.  A cron job to turn mysqld off at whatever time
he usually leaves would probably be a reasonable failsafe.  If he
really wants you could probably link it to a swipe card system or just
a keyboard on his desk (enter your PIN to turn it on, enter it again
to turn it off).

All that aside, I can't help feeling that this has gotten into "I'm
afraid you know too much for us to let you leave:  Guards!  Take him
away!" territory.

-Alex




Re: [PHP] 1984 (Big Brother)

2010-09-12 Thread Joshua Kehn
Tedd-

Would he consider access to another database? I.e. a separate, say memcached db 
which stores the boss status?

An issue with the temporary file would also be session length, if the session 
expires without the user explicitly logging off, the file wouldn't be removed. 
A way to bypass this would be to add some sort of session expiration header to 
the file and update that.

And couldn't you make a simple check if the boss is logged in or not by the 
ability to access the database? 

Regards,

-Josh 

Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com

On Sep 12, 2010, at 12:32 PM, tedd wrote:

 Hi gang:
 
 I have a client who wants his employees' access to their online business 
 database restricted to only times when he is logged on. (Don't ask why)
 
 In other words, when the boss is not logged on, then his employees cannot 
 access the business database in any fashion whatsoever including checking to 
 see if the boss is logged on, or not. No access whatsoever!
 
 Normally, I would just set up a field in the database and have that set to 
 yes or no as to if the employees could access the database, or not. But 
 in this case, the boss does not want even that type of access to the database 
 permitted. Repeat -- No access whatsoever!
 
 I was thinking of the boss' script writing to a file that accomplished the 
 yes or no thing, but if the boss did not log off properly then the file 
 would remain in the yes state allowing employees undesired access. That 
 would not be acceptable.
 
 So, what methods would you suggest?
 
 Cheers,
 
 tedd
 
 -- 
 ---
 http://sperling.com/
 
 





Re: [PHP] 1984 (Big Brother)

2010-09-12 Thread Ashley Sheridan
On Sun, 2010-09-12 at 12:32 -0400, tedd wrote:

 Hi gang:
 
 I have a client who wants his employees' access to their online 
 business database restricted to only times when he is logged on. 
 (Don't ask why)
 
 In other words, when the boss is not logged on, then his employees 
 cannot access the business database in any fashion whatsoever 
 including checking to see if the boss is logged on, or not. No access 
 whatsoever!
 
 Normally, I would just set up a field in the database and have that 
 set to yes or no as to if the employees could access the 
 database, or not. But in this case, the boss does not want even that 
 type of access to the database permitted. Repeat -- No access 
 whatsoever!
 
 I was thinking of the boss' script writing to a file that 
 accomplished the yes or no thing, but if the boss did not log off 
 properly then the file would remain in the yes state allowing 
 employees undesired access. That would not be acceptable.
 
 So, what methods would you suggest?
 
 Cheers,
 
 tedd
 
 -- 
 ---
 http://sperling.com/
 


What about using the timestamp of that file as well? Then have the
boss's login update the file periodically, and the employees can only
access if the file exists and is of a certain age or newer. That should
solve the easiest problem, although you still are left with the issue of
the boss...

Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] 1984 (Big Brother)

2010-09-12 Thread Per Jessen
tedd wrote:

 Hi gang:
 
 I have a client who wants his employees' access to their online
 business database restricted to only times when he is logged on.
 (Don't ask why)
 
 In other words, when the boss is not logged on, then his employees
 cannot access the business database in any fashion whatsoever
 including checking to see if the boss is logged on, or not. No access
 whatsoever!
 
 Normally, I would just set up a field in the database and have that
 set to yes or no as to if the employees could access the
 database, or not. But in this case, the boss does not want even that
 type of access to the database permitted. Repeat -- No access
 whatsoever!
 
 I was thinking of the boss' script writing to a file that
 accomplished the yes or no thing, but if the boss did not log off
 properly then the file would remain in the yes state allowing
 employees undesired access. That would not be acceptable.
 
 So, what methods would you suggest?

I would ask the boss to confirm his presence maybe once an hour and only
allow employees access when the last such confirmation is less than an
hour old. 



-- 
Per Jessen, Zürich (21.4°C)
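
Ashley Sheridan's file-timestamp idea and Per Jessen's hourly confirmation, combined into one fail-closed lease check that never touches the business database. This is an added example, not code posted by anyone in the thread; the lease path, the one-hour window and all function names are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: every name and value here is an assumption made for
// illustration (lease path, one-hour window, function names).
const LEASE_FILE    = '/var/lib/bossapp/boss.lease'; // hypothetical; keep it outside the web root
const LEASE_MAX_AGE = 3600; // seconds the last confirmation stays valid
const CLOCK_SLACK   = 5;    // seconds of future-dated mtime tolerated

/** Boss side: call at login and on every periodic "I'm still here" ping. */
function renew_lease(string $path, ?int $now = null): bool
{
    // touch() creates the file if it is missing and sets its mtime.
    return touch($path, $now ?? time());
}

/** Boss side: call on a clean logout so access ends immediately. */
function revoke_lease(string $path): bool
{
    clearstatcache(true, $path);
    return !file_exists($path) || unlink($path);
}

/**
 * Employee side: true only while a fresh lease exists. Every doubtful case
 * (missing file, symlink, unreadable mtime, future-dated mtime, stale mtime)
 * answers false, so a forgotten logout closes access by itself.
 */
function lease_is_valid(string $path, int $maxAge = LEASE_MAX_AGE, ?int $now = null): bool
{
    $now = $now ?? time();
    clearstatcache(true, $path);        // PHP caches stat() results within a request
    if (is_link($path) || !is_file($path)) {
        return false;
    }
    $mtime = @filemtime($path);
    if ($mtime === false) {
        return false;
    }
    if ($mtime > $now + CLOCK_SLACK) {  // a far-future mtime would never expire
        return false;
    }
    return ($now - $mtime) < $maxAge;
}

/** Employee side: run before any database connection is opened. */
function require_boss_present(string $path = LEASE_FILE): void
{
    if (!lease_is_valid($path)) {
        http_response_code(503);
        exit('Service unavailable.');
    }
}

// Constructed walk-through on a temporary file with fixed timestamps (CLI only).
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $lease = tempnam(sys_get_temp_dir(), 'lease');
    $t0 = 1284300000; // constructed "boss logs in" time
    renew_lease($lease, $t0);
    $cases = [
        'fresh, 10 min after login' => lease_is_valid($lease, 3600, $t0 + 600),
        'stale, 61 min after login' => lease_is_valid($lease, 3600, $t0 + 3660),
    ];
    touch($lease, $t0 + 86400 * 365);   // lease file dated one year ahead
    $cases['future-dated lease file'] = lease_is_valid($lease, 3600, $t0 + 600);
    revoke_lease($lease);
    $cases['after clean logout'] = lease_is_valid($lease, 3600, $t0 + 600);
    foreach ($cases as $label => $ok) {
        printf("%-28s %s\n", $label, $ok ? 'ALLOW' : 'DENY');
    }
}
```

The lease file should be writable only by the account that serves the boss's session; if the employee-facing code can write it, the check enforces nothing.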





Re: [PHP] 1984 (Big Brother)

2010-09-12 Thread Tamara Temple

Sounds like there are some security concerns here.

On Sep 12, 2010, at 11:32 AM, tedd wrote:
> I have a client who wants his employees' access to their online
> business database restricted to only times when he is logged on.
> (Don't ask why)


I do wonder why, though. Perhaps this is an opportunity to educate  
someone about security and privacy and web applications? Does he feel  
that by being logged in, he can control every aspect of connection to  
the data base? Or even be aware of every access to the data base? What  
is he hoping to accomplish by being logged in? Does he propose to  
actively monitor the data base transactions in real time while he's at  
work? What is he hoping to avoid by requiring his logged in state  
before anyone else can access the data base? Just being logged in  
won't dissuade a cracker from attacking his data if they so choose,  
nor will it prevent a disgruntled employee from damaging the data  
while he's logged in if they have the expertise and means.


Also, what happens when he's sick or incapacitated some day and can't  
log in to the data base. Does he expect his business to continue  
without his presence or does it also shut down for the day?


This just seems like an excessive amount of paranoia that his solution  
won't provide an answer for. It seems like a poor business decision on  
his part.


> In other words, when the boss is not logged on, then his employees
> cannot access the business database in any fashion whatsoever
> including checking to see if the boss is logged on, or not. No
> access whatsoever!


What about access to the web application while he's not logged in? Do  
they still have that? If someone is determined, they can still learn a  
lot.


> Normally, I would just set up a field in the database and have that
> set to yes or no as to if the employees could access the
> database, or not. But in this case, the boss does not want even that
> type of access to the database permitted. Repeat -- No access
> whatsoever!
>
> I was thinking of the boss' script writing to a file that
> accomplished the yes or no thing, but if the boss did not log
> off properly then the file would remain in the yes state allowing
> employees undesired access. That would not be acceptable.
>
> So, what methods would you suggest?


What about access to a parallel data base that only contains  
information pertaining to access? i.e. separate out the application's  
authentication and access control from the main data base and put it  
in a parallel data base.





Re: [PHP] 1984 (Big Brother)

2010-09-12 Thread tedd

At 4:05 PM -0500 9/12/10, Tamara Temple wrote:

Sounds like there are some security concerns here.

On Sep 12, 2010, at 11:32 AM, tedd wrote:
I have a client who wants his employees' access to their online 
business database restricted to only times when he is logged on. 
(Don't ask why)


I do wonder why, though. Perhaps this is an opportunity to educate 
someone about security and privacy and web applications? Does he 
feel that by being logged in, he can control every aspect of 
connection to the data base? Or even be aware of every access to the 
data base? What is he hoping to accomplish by being logged in? Does 
he propose to actively monitor the data base transactions in real 
time while he's at work? What is he hoping to avoid by requiring his 
logged in state before anyone else can access the data base? Just 
being logged in won't dissuade a cracker from attacking his data if 
they so choose, nor will it prevent a disgruntled employee from 
damaging the data while he's logged in if they have the expertise 
and means.


Tamara:

I said "Don't ask why"

You see, people often have strange notions about their business or 
unusual ideas about how to do things. That goes with consulting. 
While many may find that odd, but some of the most revolutionary 
ideas come from such unusual thinking.


For example, take a look at Henry Ford at his investigation and 
research to control not only what people work on, but how they 
perform their work. Without his efforts, I would think the idea of 
the assembly line would have surfaced many years later by someone 
else with similar ideas.


I'm sure that many people would look upon Steve Jobs and what he 
expects from his employees and think that odd, but look at the 
results.


I don't pass judgement. I simply advise (based upon my limited 
understanding of things) and let the client make the calls. After 
all, he's the one paying the bills and he has answers for the 
remainder of your questions.


Cheers,

tedd
--
---
http://sperling.com/




Re: [PHP] 1984 (Big Brother)

2010-09-12 Thread Tamara Temple


On Sep 12, 2010, at 4:48 PM, tedd wrote:


At 4:05 PM -0500 9/12/10, Tamara Temple wrote:

Sounds like there are some security concerns here.

On Sep 12, 2010, at 11:32 AM, tedd wrote:
I have a client who wants his employees' access to their online  
business database restricted to only times when he is logged on.  
(Don't ask why)


I do wonder why, though. Perhaps this is an opportunity to educate  
someone about security and privacy and web applications? Does he  
feel that by being logged in, he can control every aspect of  
connection to the data base? Or even be aware of every access to  
the data base? What is he hoping to accomplish by being logged in?  
Does he propose to actively monitor the data base transactions in  
real time while he's at work? What is he hoping to avoid by  
requiring his logged in state before anyone else can access the  
data base? Just being logged in won't dissuade a cracker from  
attacking his data if they so choose, nor will it prevent a  
disgruntled employee from damaging the data while he's logged in if  
they have the expertise and means.


Tamara:

I said "Don't ask why"


Wondering isn't asking. I don't personally care why. It's not my  
client, not my business, not my problem.


You see, people often have strange notions about their business or  
unusual ideas about how to do things. That goes with consulting.  
While many may find that odd, but some of the most revolutionary  
ideas come from such unusual thinking.


I've been in business and technology consulting for years and years,  
and very successful at getting customer's desired outcomes. I don't  
think their notions strange or unusual -- just that without  
further elicitation, one cannot understand what they are truly  
desiring, and to find out what they don't want as an outcome of their  
up-front stated goals.


I don't pass judgement. I simply advise (based upon my limited  
understanding of things) and let the client make the calls. After  
all, he's the one paying the bills and he has answers for the  
remainder of your questions.


It's not a question of passing judgement on someone's ideas. It's a  
question of finding the best solution for the customer's actual needs  
and desires. It's almost always the case that further exploration of  
the customer's concerns behind their thoughts has proven to give them  
a much more robust and useful solution and gets them what they are  
really after. Most people aren't aware of the assumptions and  
conclusions they have. Eliciting more information can lead to better  
solutions for all. Blind faith in the customer's stated requirements  
can lead one to a disastrous conclusion. It's been said all over the  
net that customers don't really know what they want until they see it.  
Further, that they don't know what they don't want until it happens to  
them. I believe in delivering the most value to the customer for their  
money, and that means understanding their needs as best as possible,  
and that is done by exploring their business models, assumptions, and  
needs.







Re: [PHP] 1984 (Big Brother)

2010-09-12 Thread Paul M Foster
On Sun, Sep 12, 2010 at 06:07:57PM -0500, Tamara Temple wrote:

snip

 
 I've been in business and technology consulting for years and years,
 and very successful at getting customer's desired outcomes. I don't
 think their notions strange or unusual -- just that without
 further elicitation, one cannot understand what they are truly
 desiring, and to find out what they don't want as an outcome of their
 up-front stated goals.
 
 I don't pass judgement. I simply advise (based upon my limited
 understanding of things) and let the client make the calls. After
 all, he's the one paying the bills and he has answers for the
 remainder of your questions.
 
 It's not a question of passing judgement on someone's ideas. It's a
 question of finding the best solution for the customer's actual needs
 and desires. It's almost always the case that further exploration of
 the customer's concerns behind their thoughts has proven to give them
 a much more robust and useful solution and gets them what they are
 really after. Most people aren't aware of the assumptions and
 conclusions they have. Eliciting more information can lead to better
 solutions for all. Blind faith in the customer's stated requirements
 can lead one to a disastrous conclusion. It's been said all over the
 net that customers don't really know what they want until they see it.
 Further, that they don't know what they don't want until it happens to
 them. I believe in delivering the most value to the customer for their
 money, and that means understanding their needs as best as possible,
 and that is done by exploring their business models, assumptions, and
 needs.

+1

I won't argue with Tedd about this, but perhaps this is why I don't do
business consulting any more. When I would come across a customer like
this, I would argue with them and probe until I found out what they
were *really* trying to do. It was usually some confused idea they had
about something, or something they were doing which wasn't entirely
ethical they were trying to cover.

But again, it's Tedd's client. He can do as he likes.

Paul

-- 
Paul M. Foster




Re: [PHP] 1984 (Big Brother)

2010-09-12 Thread Paul M Foster
On Sun, Sep 12, 2010 at 12:32:21PM -0400, tedd wrote:

 Hi gang:
 
 I have a client who wants his employees' access to their online
 business database restricted to only times when he is logged on.
 (Don't ask why)
 
 In other words, when the boss is not logged on, then his employees
 cannot access the business database in any fashion whatsoever
 including checking to see if the boss is logged on, or not. No access
 whatsoever!
 
 Normally, I would just set up a field in the database and have that
 set to yes or no as to if the employees could access the
 database, or not. But in this case, the boss does not want even that
 type of access to the database permitted. Repeat -- No access
 whatsoever!
 
 I was thinking of the boss' script writing to a file that
 accomplished the yes or no thing, but if the boss did not log off
 properly then the file would remain in the yes state allowing
 employees undesired access. That would not be acceptable.
 
 So, what methods would you suggest?

I hate to seem flippant, but here would be my conversation with this
customer:

Customer: My employees got access to the database while I was gone
yesterday!

Consultant: Well, let's see. Oh, it appears you didn't properly log
out.

Customer: Yes, but I was *gone*. They weren't supposed to be able to
access the database unless I'm *here*.

Consultant: The only way we know that is if you log in and log out
properly. Now, if you like, we can put a nanny-cam in your office, and
whenever you're not there (like in the bathroom), the whole thing shuts
down. That will cost $x. Your choice. We've been working on the
mind-reading extension to PHP, but it's not finished yet.

Other than the boss file, I don't see another way. And as you said, if
he doesn't log out properly, the boss file will allow access when he
didn't intend to allow it.

Paul

-- 
Paul M. Foster

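The stale boss-file failure discussed in this thread (an improper logout leaves the flag in the "yes" state) can be bounded by giving the file an expiry that the boss's session keeps renewing, the idea raised earlier in the thread. The PHP below is an added example, not code from any poster; the function names, the LEASE_TTL value and the temp path are assumptions for illustration.

```php
<?php
// Added example (not from the thread). All names and values here are hypothetical.
const LEASE_TTL = 120; // seconds a lease stays valid without renewal (assumed value)

// Called on boss login and on every authenticated boss request (heartbeat).
function renew_boss_lease(string $file, int $now): bool
{
    $tmp = $file . '.tmp';
    // Write to a temp file, then rename, so readers never see a partial write.
    if (file_put_contents($tmp, (string) ($now + LEASE_TTL), LOCK_EX) === false) {
        return false;
    }
    chmod($tmp, 0640);
    return rename($tmp, $file);
}

// Called on explicit logout; a missed logout is covered by expiry instead.
function revoke_boss_lease(string $file): void
{
    if (is_file($file)) {
        unlink($file);
    }
}

// Employee-side gate: run before any database connection is opened.
function boss_lease_valid(string $file, int $now): bool
{
    $raw = @file_get_contents($file);
    if ($raw === false || !ctype_digit(trim($raw))) {
        return false; // missing, unreadable or malformed lease: deny
    }
    $expires = (int) trim($raw);
    // Deny expired leases and expiries further out than one TTL
    // (a hand-edited file or a clock error).
    return $now < $expires && $expires <= $now + LEASE_TTL;
}

// Constructed walk-through with a temp path and fixed timestamps.
$file = sys_get_temp_dir() . '/boss.lease';
$t0 = 1284300000;
revoke_boss_lease($file);
var_dump(boss_lease_valid($file, $t0));       // checked before the boss logs in
renew_boss_lease($file, $t0);
var_dump(boss_lease_valid($file, $t0 + 60));  // checked inside the TTL
var_dump(boss_lease_valid($file, $t0 + 121)); // boss left without logging out
revoke_boss_lease($file);
```

With this gate a missed logout leaves at most LEASE_TTL seconds of access, and because the check reads only the lease file, employees never touch the database to learn the boss's state.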