Re: [PHP] 1984 (Big Brother)
At 12:03 PM -0400 9/18/10, chris h wrote:

> But Tedd, I'm still thinking that a "dead man's switch" is the way to go. :)

Chris et al:

I think the method I'll recommend to the client is to have the entire office tied to his computer. When it's on, everything is up and when it's off, everything is down.

That way if the client wants to leave (lunch, bathroom, whatever), he can turn his computer off, or leave it on -- as he wants. If he doesn't show up for work (vacation, sick, whatever), he can tell a subordinate to turn his computer on, or not -- it's totally his choice.

The beauty of this method is that it is very simple to understand. There's nothing complicated about it.

As I tell my grand-kids "Half the people you meet everyday are below average intelligence -- plan for it". There's nothing elitist about my statement, but rather a statement of fact. I often over estimate the understanding of clients and as I get older I see the error in my ways. Program for excellence, but design for stupidity.

Thanks to all.

Cheers,

tedd

--
---
http://sperling.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] 1984 (Big Brother)
So whenever the boss is in a meeting and his screen saver kicks on then the business shuts down. Also I think we've established that thumbdrive + database = disaster.

Maybe a thumbdrive that has file with some random hash. Then create a cron that checks for the existence of that file each minute. When the boss leaves the cron doesn't find the file and shuts down the DB, when the boss comes in the cron will see it and starts it up.

But Tedd, I'm still thinking that a "dead man's switch" is the way to go. :)

Chris.

On Sat, Sep 18, 2010 at 8:03 AM, TR Shaw wrote:

> If you mean "not logoff properly" as, for instance, getting up and leaving his office for the day without logging off you can run a script when the machine "sleeps" or the screen saver runs and runs again when the machine transitions back to run.
>
> If you're talking about powering off, same scripting approach as above (or just put DB on Boss' machine and if it's off or crashes access ceases).
>
> As a crazy approach, put the DB on a thumb drive and attach the thumb to the Boss' car or house keys. He plugs the thumb in when he wants to "grant" access and takes it when he leaves because he needs his keys.
>
> On Sep 17, 2010, at 11:44 PM, viraj wrote:
>
>>> Remind him that he must logout normally to lock the DB
>>
>> if you follow the thread closely, this is a requirement. boss may not logout properly :)
>>
>> that's why all suggest a mechanical ways for the job. pressure sensors, cameras etc etc
>>
>> ~viraj
>>
>>> On Sep 12, 2010, at 12:37 PM, Joshua Kehn wrote:
>>>
>>>> Tedd-
>>>>
>>>> Would he consider access to another database? I.e. a separate, say memcached db which stores the "boss" status?
>>>>
>>>> An issue with the temporary file would also be session length, if the session expires without the user explicitly logging off, the file wouldn't be removed.
Re: [PHP] 1984 (Big Brother)
If you mean "not logoff properly" as, for instance, getting up and leaving his office for the day without logging off you can run a script when the machine "sleeps" or the screen saver runs and runs again when the machine transitions back to run.

If you're talking about powering off, same scripting approach as above (or just put DB on Boss' machine and if it's off or crashes access ceases).

As a crazy approach, put the DB on a thumb drive and attach the thumb to the Boss' car or house keys. He plugs the thumb in when he wants to "grant" access and takes it when he leaves because he needs his keys.

On Sep 17, 2010, at 11:44 PM, viraj wrote:

>> Remind him that he must logout normally to lock the DB
>
> if you follow the thread closely, this is a requirement. boss may not logout properly :)
>
> that's why all suggest a mechanical ways for the job. pressure sensors, cameras etc etc
>
> ~viraj
>
>> On Sep 12, 2010, at 12:37 PM, Joshua Kehn wrote:
>>
>>> Tedd-
>>>
>>> Would he consider access to another database? I.e. a separate, say memcached db which stores the "boss" status?
>>>
>>> An issue with the temporary file would also be session length, if the session expires without the user explicitly logging off, the file wouldn't be removed. A way to bypass this would be to add some sort of session expiration header to the file and update that.
>>>
>>> And couldn't you make a simple check if the boss is logged in or not by the ability to access the database?
>>>
>>> Regards,
>>>
>>> -Josh
>>>
>>> Joshua Kehn | josh.k...@gmail.com
>>> http://joshuakehn.com
>>>
>>> On Sep 12, 2010, at 12:32 PM, tedd wrote:
>>>
>>>> Hi gang:
>>>>
>>>> I have a client who wants his employees' access to their online business database restricted to only times when he is logged on.
Re: [PHP] 1984 (Big Brother)
> Remind him that he must logout normally to lock the DB

if you follow the thread closely, this is a requirement. boss may not logout properly :)

that's why all suggest a mechanical ways for the job. pressure sensors, cameras etc etc

~viraj

> On Sep 12, 2010, at 12:37 PM, Joshua Kehn wrote:
>
>> Tedd-
>>
>> Would he consider access to another database? I.e. a separate, say memcached db which stores the "boss" status?
>>
>> An issue with the temporary file would also be session length, if the session expires without the user explicitly logging off, the file wouldn't be removed. A way to bypass this would be to add some sort of session expiration header to the file and update that.
>>
>> And couldn't you make a simple check if the boss is logged in or not by the ability to access the database?
>>
>> Regards,
>>
>> -Josh
>>
>> Joshua Kehn | josh.k...@gmail.com
>> http://joshuakehn.com
>>
>> On Sep 12, 2010, at 12:32 PM, tedd wrote:
>>
>>> Hi gang:
>>>
>>> I have a client who wants his employees' access to their online business database restricted to only times when he is logged on. (Don't ask why)
>>>
>>> In other words, when the boss is not logged on, then his employees cannot access the business database in any fashion whatsoever including checking to see if the boss is logged on, or not. No access whatsoever!
>>>
>>> Normally, I would just set up a field in the database and have that set to "yes" or "no" as to if the employees could access the database, or not. But in this case, the boss does not want even that type of access to the database permitted. Repeat -- No access whatsoever!
>>>
>>> I was thinking of the boss' script writing to a file that accomplished the "yes" or "no" thing, but if the boss did not log off properly then the file would remain in the "yes" state allowing employees undesired access. That would not be acceptable.
>>>
>>> So, what methods would you suggest?
Re: [PHP] 1984 (Big Brother)
I guess I need to chime in. Besides the fact that he is a moron - the customer is always right - at least as long as he is paying.

OK simplest way to handle this is:

1) Set the_db ownership and permissions to

    chown theboss:employees the_db
    chmod 0700 the_db

2) Attach a script to his login script that does

    chmod 0770 the_db

3) Attach a script to his logout script that does

    chmod 0700 the_db

Remind him that he must logout normally to lock the DB

On Sep 12, 2010, at 12:37 PM, Joshua Kehn wrote:

> Tedd-
>
> Would he consider access to another database? I.e. a separate, say memcached db which stores the "boss" status?
>
> An issue with the temporary file would also be session length, if the session expires without the user explicitly logging off, the file wouldn't be removed. A way to bypass this would be to add some sort of session expiration header to the file and update that.
>
> And couldn't you make a simple check if the boss is logged in or not by the ability to access the database?
>
> Regards,
>
> -Josh
>
> Joshua Kehn | josh.k...@gmail.com
> http://joshuakehn.com
>
> On Sep 12, 2010, at 12:32 PM, tedd wrote:
>
>> Hi gang:
>>
>> I have a client who wants his employees' access to their online business database restricted to only times when he is logged on. (Don't ask why)
>>
>> In other words, when the boss is not logged on, then his employees cannot access the business database in any fashion whatsoever including checking to see if the boss is logged on, or not. No access whatsoever!
>>
>> Normally, I would just set up a field in the database and have that set to "yes" or "no" as to if the employees could access the database, or not. But in this case, the boss does not want even that type of access to the database permitted. Repeat -- No access whatsoever!
>>
>> I was thinking of the boss' script writing to a file that accomplished the "yes" or "no" thing, but if the boss did not log off properly then the file would remain in the "yes" state allowing employees undesired access. That would not be acceptable.
>>
>> So, what methods would you suggest?
>>
>> Cheers,
>>
>> tedd
>>
>> --
>> ---
>> http://sperling.com/
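
The failure mode this thread keeps returning to (a "yes" file or an open chmod left behind when the boss does not log off properly) goes away if the file holds an expiry time that his session keeps renewing, and a cron job applies the chmod 0700/0770 switch from it each minute. The script below is an added example, not code from any poster; the paths, the 120-second lifetime, the function names and the_db being a directory are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed lease driving the chmod 0700/0770 switch.
# Assumptions (not from the thread): the paths below, a 120 s lifetime,
# the function names, and the_db being a directory owned theboss:employees.

DB_DIR="${DB_DIR:-/srv/the_db}"              # hypothetical path to the_db
LEASE_FILE="${LEASE_FILE:-/srv/boss/lease}"  # hypothetical; only the boss can write here
LEASE_TTL="${LEASE_TTL:-120}"                # seconds one check-in stays valid

# boss_checkin FILE TTL NOW
# Run from the boss's login script and then every minute while his session
# lives. It records when access must end, not a yes/no flag.
boss_checkin() (
    file=$1; ttl=$2; now=$3
    umask 077
    tmp="$file.tmp.$$"
    # Write to a temp file and rename, so the watchdog never reads a
    # half-written lease.
    printf '%s\n' "$((now + ttl))" > "$tmp" && mv -f "$tmp" "$file"
)

# lease_valid FILE TTL NOW
# Exit 0 only for a regular file holding one integer expiry that is still in
# the future and no more than one TTL away. Everything else means "locked".
lease_valid() (
    file=$1; ttl=$2; now=$3
    [ -f "$file" ] && [ ! -L "$file" ] || exit 1
    expiry=
    IFS= read -r expiry < "$file" || [ -n "$expiry" ] || exit 1
    case $expiry in
        ''|*[!0-9]*) exit 1 ;;          # leftover "yes", empty file, garbage
    esac
    [ "${#expiry}" -le 12 ] || exit 1   # keep comparisons within integer range
    [ "$expiry" -gt "$now" ] && [ "$expiry" -le "$((now + ttl))" ]
)

# enforce DIR FILE TTL NOW
# Run from root's crontab every minute. Prints the state it applied.
enforce() (
    dir=$1; file=$2; ttl=$3; now=$4
    if lease_valid "$file" "$ttl" "$now"; then
        chmod 0770 "$dir" && echo open
    else
        chmod 0700 "$dir" && echo closed
    fi
)

# Entry points: "--checkin" from the boss's session, "--enforce" from cron.
case ${1:-} in
    --checkin) boss_checkin "$LEASE_FILE" "$LEASE_TTL" "$(date +%s)" ;;
    --enforce) enforce "$DB_DIR" "$LEASE_FILE" "$LEASE_TTL" "$(date +%s)" ;;
esac
```

The mode change only stops new opens: a process that already has files under the_db open keeps its handles until it closes them.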
Re: [PHP] 1984 (Big Brother)
Next we'll be suggesting sharks with frikking laser attached to their heads to guard the door!

Bastien

Sent from my iPod

On Sep 15, 2010, at 19:53, Matty Sarro wrote:

> Ooooh, how about a pressure sensor on his seat??? Like the ones they have in cars to make that little airbag light illuminate.
>
> if buttDetected{
>     allowAccess();
> }
>
> On Wed, Sep 15, 2010 at 7:00 PM, Yousif Masoud wrote:
>
>> On 12/09/10 17:32, tedd wrote:
>>
>>> Hi gang:
>>>
>>> I have a client who wants his employees' access to their online business database restricted to only times when he is logged on. (Don't ask why)
>>>
>>> In other words, when the boss is not logged on, then his employees cannot access the business database in any fashion whatsoever including checking to see if the boss is logged on, or not. No access whatsoever!
>>>
>>> Normally, I would just set up a field in the database and have that set to "yes" or "no" as to if the employees could access the database, or not. But in this case, the boss does not want even that type of access to the database permitted. Repeat -- No access whatsoever!
>>>
>>> I was thinking of the boss' script writing to a file that accomplished the "yes" or "no" thing, but if the boss did not log off properly then the file would remain in the "yes" state allowing employees undesired access. That would not be acceptable.
>>>
>>> So, what methods would you suggest?
>>>
>>> Cheers,
>>>
>>> tedd
>>
>> Hi Tedd,
>>
>> One aspect of software design to keep in mind is change. Today the customer wants everyone to have access when they are logged in. They may want that rule relaxed a little. Perhaps, employees can login when members of a certain group are logged in.
>>
>> I recommend using some form of external device that instructs the system to enable/disable access to the database.
Re: [PHP] 1984 (Big Brother)
Ooooh, how about a pressure sensor on his seat??? Like the ones they have in cars to make that little airbag light illuminate.

if buttDetected{
    allowAccess();
}

On Wed, Sep 15, 2010 at 7:00 PM, Yousif Masoud wrote:

> On 12/09/10 17:32, tedd wrote:
>
>> Hi gang:
>>
>> I have a client who wants his employees' access to their online business database restricted to only times when he is logged on. (Don't ask why)
>>
>> In other words, when the boss is not logged on, then his employees cannot access the business database in any fashion whatsoever including checking to see if the boss is logged on, or not. No access whatsoever!
>>
>> Normally, I would just set up a field in the database and have that set to "yes" or "no" as to if the employees could access the database, or not. But in this case, the boss does not want even that type of access to the database permitted. Repeat -- No access whatsoever!
>>
>> I was thinking of the boss' script writing to a file that accomplished the "yes" or "no" thing, but if the boss did not log off properly then the file would remain in the "yes" state allowing employees undesired access. That would not be acceptable.
>>
>> So, what methods would you suggest?
>>
>> Cheers,
>>
>> tedd
>
> Hi Tedd,
>
> One aspect of software design to keep in mind is change. Today the customer wants everyone to have access when they are logged in. They may want that rule relaxed a little. Perhaps, employees can login when members of a certain group are logged in.
>
> I recommend using some form of external device that instructs the system to enable/disable access to the database. Depending on the sensitivity of the data, the solution can utilize a card reader (once the boss takes the card out of the reader, database access is terminated for the company) and either a fingerprint or retinal scanner [for extra security].
Re: [PHP] 1984 (Big Brother)
On 12/09/10 17:32, tedd wrote:

> Hi gang:
>
> I have a client who wants his employees' access to their online business database restricted to only times when he is logged on. (Don't ask why)
>
> In other words, when the boss is not logged on, then his employees cannot access the business database in any fashion whatsoever including checking to see if the boss is logged on, or not. No access whatsoever!
>
> Normally, I would just set up a field in the database and have that set to "yes" or "no" as to if the employees could access the database, or not. But in this case, the boss does not want even that type of access to the database permitted. Repeat -- No access whatsoever!
>
> I was thinking of the boss' script writing to a file that accomplished the "yes" or "no" thing, but if the boss did not log off properly then the file would remain in the "yes" state allowing employees undesired access. That would not be acceptable.
>
> So, what methods would you suggest?
>
> Cheers,
>
> tedd

Hi Tedd,

One aspect of software design to keep in mind is change. Today the customer wants everyone to have access when they are logged in. They may want that rule relaxed a little. Perhaps, employees can login when members of a certain group are logged in.

I recommend using some form of external device that instructs the system to enable/disable access to the database. Depending on the sensitivity of the data, the solution can utilize a card reader (once the boss takes the card out of the reader, database access is terminated for the company) and either a fingerprint or retinal scanner [for extra security]. If it is really sensitive data, then a retinal scanner and some form of code generator that generates one-time eight digit (at least) code to enable access to the database. The algorithm that generates the codes would be a deeply guarded secret (that would mostly be their problem -- you will need to ensure that once you sign off the project, there is no way it can be retrieved from you).

No need to shut down the database server, just instruct the firewall to block the MySQL port and/or Web server port. Might be a good idea to choose a different port than 3306 for MySQL.

What would happen if, for some reason the "boss" couldn't make it in or is on Holiday?

Good luck,
Yousif

PS. It might be a good idea to introduce them to the concept of RBAC and see what they think.

Re: [PHP] 1984 (Big Brother)
> if(file_exists('boss_man_say_okay') ){
>     // let monkeys work
> }

Is there an acronym for the sound of sad, knowing laughter?

Re: [PHP] 1984 (Big Brother)
Daniel Brown wrote:

> On Mon, Sep 13, 2010 at 19:47, Micky Hulse wrote:
>
>> Motion sensing camera connected to a mechanical pointer stick aimed to trigger the server power button.
>>
>> On his way out of the office:
>>
>> Clap on/clap off Clapper connected to computer power cable.
>
> It would be cheaper to employ the same method used on some lawnmowers and required on Jet Skis and Skidoos: a cable with a clip worn by the rider. The rider falls off, the cable releases from the vehicle, disengaging the throttle and cutting the engine. The boss stands up, his entire infrastructure collapses, everyone's connections are closed, and all PCs subsequently catch fire.

I fear this is the implementation needed to make "boss" see sense, however..

> Realistically, a simple desktop-based application running in the system tray (presuming Windows) would send a kill signal to a predefined script to issue safe closing routines to the database first, then any other systems he wants to close out. It could even have simple options to poll if there's a screensaver activated, which would initiate the process automatically, should he choose to be extremely paranoid. The same could be automated to work in reverse, to automatically bring the systems up, when the local desktop session becomes active (from hibernation, logoff, or screensaver), or even with an override ("Pause Sessions") by right-clicking the systray icon.

The main problem here is in using a stateless protocol (HTTP) in a stateful manner (with sessions), it makes this, technically, impossible.

That said, you could do this in a stateless manner quite easily by giving the boss full control of granting and denying access, that way he is always accountable (with his described nature, it might be good for the buck to stop with him, rather than your code).

I'd suggest having a simple boolean flag, usersCanAccess and giving him a button to toggle the flags state from true to false. Real life implementation could be an empty file which is `touch`ed and `unlink`ed, php implementation being an

    if(file_exists('boss_man_say_okay') ){
        // let monkeys work
    }

type solution.

Best,

Nathan

Re: [PHP] 1984 (Big Brother)
At 8:05 PM -0400 9/13/10, Daniel Brown wrote:

> The boss stands up, his entire infrastructure collapses, everyone's connections are closed, and all PCs subsequently catch fire.

LOL

Sounds good to me. After that happens a couple of times, maybe things will change.

If it's the private sector, they investigate and find a better solution. If it's the public sector, they will probably require water based fire extinguishers.

Cheers,

tedd

--
---
http://sperling.com/

Re: [PHP] 1984 (Big Brother)
On Tue, Sep 14, 2010 at 12:25 PM, viraj wrote:

> got another idea.. setup the database on a machine which can detect the availability of the boss. if the boss machine is on.. and connected to network.. the script will try to verify the availability of the bosses's ip and interface hardware address. (if the boss change the nic or machine, mac has to be updated manually in the script) and starts or stops the database.
>
> this can be done with bit of shellexec and bit of shellscripting, if on linux with 'arp' (all employees and boss has to be in same subnet i guess.. )

and yeah, the script has to be run at some reasonable time interval using a cron

~viraj

> ~viraj
>
> On Tue, Sep 14, 2010 at 7:17 AM, Andy McKenzie wrote:
>
>> On Mon, Sep 13, 2010 at 8:11 PM, Micky Hulse wrote:
>>
>>> On Mon, Sep 13, 2010 at 5:05 PM, Daniel Brown wrote:
>>>
>>>> It would be cheaper to employ the same method used on some lawnmowers and required on Jet Skis and Skidoos: a cable with a clip worn by the rider. The rider falls off, the cable releases from the vehicle, disengaging the throttle and cutting the engine. The boss stands up, his entire infrastructure collapses, everyone's connections are closed, and all PCs subsequently catch fire.
>>>
>>> Lol! That would make a great Dilbert and/or Farside cartoon. :)
>>
>> It would, wouldn't it?
>>
>> Anyway. Something you could do is a script that turns mysqld on and off: set him up with an SSH connection to the server, and he can run the script when he gets in to turn it on, and run it again whenever he leaves to turn it off. A cron job to turn mysqld off at whatever time he usually leaves would probably be a reasonable failsafe. If he really wants you could probably link it to a swipe card system or just a keyboard on his desk (enter your PIN to turn it on, enter it again to turn it off).
Re: [PHP] 1984 (Big Brother)
got another idea.. setup the database on a machine which can detect the availability of the boss. if the boss machine is on.. and connected to network.. the script will try to verify the availability of the bosses's ip and interface hardware address. (if the boss change the nic or machine, mac has to be updated manually in the script) and starts or stops the database.

this can be done with bit of shellexec and bit of shellscripting, if on linux with 'arp' (all employees and boss has to be in same subnet i guess.. )

~viraj

On Tue, Sep 14, 2010 at 7:17 AM, Andy McKenzie wrote:

> On Mon, Sep 13, 2010 at 8:11 PM, Micky Hulse wrote:
>
>> On Mon, Sep 13, 2010 at 5:05 PM, Daniel Brown wrote:
>>
>>> It would be cheaper to employ the same method used on some lawnmowers and required on Jet Skis and Skidoos: a cable with a clip worn by the rider. The rider falls off, the cable releases from the vehicle, disengaging the throttle and cutting the engine. The boss stands up, his entire infrastructure collapses, everyone's connections are closed, and all PCs subsequently catch fire.
>>
>> Lol! That would make a great Dilbert and/or Farside cartoon. :)
>
> It would, wouldn't it?
>
> Anyway. Something you could do is a script that turns mysqld on and off: set him up with an SSH connection to the server, and he can run the script when he gets in to turn it on, and run it again whenever he leaves to turn it off. A cron job to turn mysqld off at whatever time he usually leaves would probably be a reasonable failsafe. If he really wants you could probably link it to a swipe card system or just a keyboard on his desk (enter your PIN to turn it on, enter it again to turn it off).
>
> All that aside, I can't help feeling that this has gotten into "I'm afraid you know too much for us to let you leave: Guards! Take him away!" territory.
Re: [PHP] 1984 (Big Brother)
On Mon, Sep 13, 2010 at 8:11 PM, Micky Hulse wrote:

> On Mon, Sep 13, 2010 at 5:05 PM, Daniel Brown wrote:
>
>> It would be cheaper to employ the same method used on some lawnmowers and required on Jet Skis and Skidoos: a cable with a clip worn by the rider. The rider falls off, the cable releases from the vehicle, disengaging the throttle and cutting the engine. The boss stands up, his entire infrastructure collapses, everyone's connections are closed, and all PCs subsequently catch fire.
>
> Lol! That would make a great Dilbert and/or Farside cartoon. :)

It would, wouldn't it?

Anyway. Something you could do is a script that turns mysqld on and off: set him up with an SSH connection to the server, and he can run the script when he gets in to turn it on, and run it again whenever he leaves to turn it off. A cron job to turn mysqld off at whatever time he usually leaves would probably be a reasonable failsafe. If he really wants you could probably link it to a swipe card system or just a keyboard on his desk (enter your PIN to turn it on, enter it again to turn it off).

All that aside, I can't help feeling that this has gotten into "I'm afraid you know too much for us to let you leave: Guards! Take him away!" territory.

-Alex

Re: [PHP] 1984 (Big Brother)
On Mon, Sep 13, 2010 at 5:05 PM, Daniel Brown wrote:

> It would be cheaper to employ the same method used on some lawnmowers and required on Jet Skis and Skidoos: a cable with a clip worn by the rider. The rider falls off, the cable releases from the vehicle, disengaging the throttle and cutting the engine. The boss stands up, his entire infrastructure collapses, everyone's connections are closed, and all PCs subsequently catch fire.

Lol! That would make a great Dilbert and/or Farside cartoon. :)

Re: [PHP] 1984 (Big Brother)
On Mon, Sep 13, 2010 at 19:47, Micky Hulse wrote:

> Motion sensing camera connected to a mechanical pointer stick aimed to trigger the server power button.
>
> On his way out of the office:
>
> Clap on/clap off Clapper connected to computer power cable.

It would be cheaper to employ the same method used on some lawnmowers and required on Jet Skis and Skidoos: a cable with a clip worn by the rider. The rider falls off, the cable releases from the vehicle, disengaging the throttle and cutting the engine. The boss stands up, his entire infrastructure collapses, everyone's connections are closed, and all PCs subsequently catch fire.

Realistically, a simple desktop-based application running in the system tray (presuming Windows) would send a kill signal to a predefined script to issue safe closing routines to the database first, then any other systems he wants to close out. It could even have simple options to poll if there's a screensaver activated, which would initiate the process automatically, should he choose to be extremely paranoid. The same could be automated to work in reverse, to automatically bring the systems up, when the local desktop session becomes active (from hibernation, logoff, or screensaver), or even with an override ("Pause Sessions") by right-clicking the systray icon.

It's no surprise to several here that I'm not a big fan of Windows but I do still like to stay on top of programming languages, and at least give each one a try.

Something of interest to no one: my first full-production, open-source project that included PHP was actually a combination of a PHP server-side script and Windows client script, written in VB, back in 2000. It was named phpCourier, and was used as a client-server CMS for simple news postings (before "blog" became a catchphrase). It was downloaded a few thousand times, and then I quit hosting it. I may actually have that server with those files and a bunch of other old projects in my basement. Now I'm suddenly interested in unpacking and organizing everything.

--
Network Infrastructure Manager
Documentation, Webmaster Teams
http://www.php.net/

Re: [PHP] Re: [!! SPAM] Re: [PHP] 1984 (Big Brother)
On Sep 13, 2010, at 17:49, Tim Thorburn wrote:

> On 9/13/2010 9:10 AM, Steve Staples wrote:
>> here's a silly idea...
>>
>> put the database on his computer (or the entire app). that way, when
>> he's *there* he is logged in. if the computer is off, he's not there,
>> the app won't work (and the database).
>>
>> Steve
>>
>> On Mon, 2010-09-13 at 11:26 +0100, Richard Quadling wrote:
>>> On 12 September 2010 17:32, tedd wrote:
>>>> Hi gang:
>>>>
>>>> I have a client who wants his employees' access to their online business
>>>> database restricted to only times when he is logged on. (Don't ask why)
>>>>
>>>> In other words, when the boss is not logged on, then his employees cannot
>>>> access the business database in any fashion whatsoever including checking
>>>> to see if the boss is logged on, or not. No access whatsoever!
>>>>
>>>> Normally, I would just set up a field in the database and have that set to
>>>> "yes" or "no" as to if the employees could access the database, or not.
>>>> But in this case, the boss does not want even that type of access to the
>>>> database permitted. Repeat -- No access whatsoever!
>>>>
>>>> I was thinking of the boss' script writing to a file that accomplished the
>>>> "yes" or "no" thing, but if the boss did not log off properly then the
>>>> file would remain in the "yes" state allowing employees undesired access.
>>>> That would not be acceptable.
>>>>
>>>> So, what methods would you suggest?
>>>>
>>>> Cheers,
>>>>
>>>> tedd
>>> What operating system is he using?
>>>
>>> Does he (for example), log into his computer and logoff/shutdown when
>>> he goes home?
>>>
>>> If he is using Windows (and I'm sure there are many ways to achieve
>>> this), then in the Startup folder, a small PHP script which sets a
>>> flag "I'm here", would allow the DB to know he's at least logged in.
>>>
>>> There are different ways to do this.
>>> http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_21195727.html
>>> covers login/logout/startup/shutdown.
>>>
>>> Do they have a clock card system for clocking in/out the building?
>>> Could you read the database that the clockings are logged in? An odd
>>> number for the day = he's in, even = he's out, missed clocking =
>>> screwed/guess.
>>>
>>> Ideally you want to "hook" into his normal activity if you can.
>>>
>>> --
>>> Richard Quadling
>>> Twitter : EE : Zend
>>> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
>>>
>>
> I'm pretty sure I'd have run for the hills after my first meeting with this
> client, but if you're sure you want to proceed ... Beyond the options
> mentioned, you could set it up so that the boss would log in each morning
> with a session that times out at the end of the work day (8, 10, 12, w/e
> hours later). To make it even more secure, you could have the boss create
> new logins for each employee at the start of each day. Since yesterday's
> passwords will no longer work, the boss will have to be there to issue new
> passwords to whomever he deems worthy of access on this day. These passwords
> would of course expire at the normal leaving time, so if someone came in late
> for a password at 4pm and work ends at 6pm, their password would only last
> two more hours.
>
> All in all, I'd still grill him more about what it is he actually wants and
> why, as all of the ideas presented thus far have at least a dozen different
> ways things can go wrong. Putting the app on the boss's computer sounds
> great and all, but if he's sick or away on business suddenly no one in the
> office is doing any work. Or when his hdd gives out or is replaced and IT's
> backup system wasn't as great as it could have been you'll have fun getting
> paid to re-do everything. Having everything require a usb stick to launch
> sounds secure, until he loses the stick or forgets it at home one day. For
> fun I'd suggest tagging him with a microchip which your application will
> constantly scan for and only activate when he's within a certain radius of
> his desk. Retina scans shouldn't be overlooked either. Impossible theme here>
>
> May the force be with you on this one.
>
> -Tim

Well, if we are going down this route, many new laptops are offering some form of biometrics for access. If your client has one, you could potentially launch a script to start/stop the db at that time.

Or if we follow the new password suggestion, his morning login could run a script to reset and email all users their passwords automatically.

Bastien

Sent from my iPod
Re: [PHP] 1984 (Big Brother)
On Mon, Sep 13, 2010 at 2:43 PM, chris h wrote:
> "How would you like the system to be aware of whether or not you're in the
> office?

On his way in to the office:

Motion sensing camera connected to a mechanical pointer stick aimed to trigger the server power button.

On his way out of the office:

Clap on/clap off Clapper connected to computer power cable.

:D
Re: [PHP] 1984 (Big Brother)
> have been you'll have fun getting paid to re-do everything. Having
> everything require a usb stick to launch sounds secure, until he loses
> the stick or forgets it at home one day. For fun I'd suggest tagging

...or pulls it out before all the writes have taken place from the cache or mysql's DELAYED WRITES and so the DB is corrupt or lost integrity.

*sigh*
[PHP] Re: [!! SPAM] Re: [PHP] 1984 (Big Brother)
On 9/13/2010 9:10 AM, Steve Staples wrote:
> here's a silly idea...
>
> put the database on his computer (or the entire app). that way, when
> he's *there* he is logged in. if the computer is off, he's not there,
> the app won't work (and the database).
>
> Steve
>
> On Mon, 2010-09-13 at 11:26 +0100, Richard Quadling wrote:
>> On 12 September 2010 17:32, tedd wrote:
>>> Hi gang:
>>>
>>> I have a client who wants his employees' access to their online business
>>> database restricted to only times when he is logged on. (Don't ask why)
>>>
>>> In other words, when the boss is not logged on, then his employees cannot
>>> access the business database in any fashion whatsoever including checking
>>> to see if the boss is logged on, or not. No access whatsoever!
>>>
>>> Normally, I would just set up a field in the database and have that set to
>>> "yes" or "no" as to if the employees could access the database, or not.
>>> But in this case, the boss does not want even that type of access to the
>>> database permitted. Repeat -- No access whatsoever!
>>>
>>> I was thinking of the boss' script writing to a file that accomplished the
>>> "yes" or "no" thing, but if the boss did not log off properly then the
>>> file would remain in the "yes" state allowing employees undesired access.
>>> That would not be acceptable.
>>>
>>> So, what methods would you suggest?
>>>
>>> Cheers,
>>>
>>> tedd
>> What operating system is he using?
>>
>> Does he (for example), log into his computer and logoff/shutdown when
>> he goes home?
>>
>> If he is using Windows (and I'm sure there are many ways to achieve
>> this), then in the Startup folder, a small PHP script which sets a
>> flag "I'm here", would allow the DB to know he's at least logged in.
>>
>> There are different ways to do this.
>> http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_21195727.html
>> covers login/logout/startup/shutdown.
>>
>> Do they have a clock card system for clocking in/out the building?
>> Could you read the database that the clockings are logged in? An odd
>> number for the day = he's in, even = he's out, missed clocking =
>> screwed/guess.
>>
>> Ideally you want to "hook" into his normal activity if you can.
>>
>> --
>> Richard Quadling
>> Twitter : EE : Zend
>> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY

I'm pretty sure I'd have run for the hills after my first meeting with this client, but if you're sure you want to proceed ... Beyond the options mentioned, you could set it up so that the boss would log in each morning with a session that times out at the end of the work day (8, 10, 12, w/e hours later). To make it even more secure, you could have the boss create new logins for each employee at the start of each day. Since yesterday's passwords will no longer work, the boss will have to be there to issue new passwords to whomever he deems worthy of access on this day. These passwords would of course expire at the normal leaving time, so if someone came in late for a password at 4pm and work ends at 6pm, their password would only last two more hours.

All in all, I'd still grill him more about what it is he actually wants and why, as all of the ideas presented thus far have at least a dozen different ways things can go wrong. Putting the app on the boss's computer sounds great and all, but if he's sick or away on business suddenly no one in the office is doing any work. Or when his hdd gives out or is replaced and IT's backup system wasn't as great as it could have been you'll have fun getting paid to re-do everything. Having everything require a usb stick to launch sounds secure, until he loses the stick or forgets it at home one day. For fun I'd suggest tagging him with a microchip which your application will constantly scan for and only activate when he's within a certain radius of his desk. Retina scans shouldn't be overlooked either.

May the force be with you on this one.

-Tim
Re: [PHP] 1984 (Big Brother)
On Mon, Sep 13, 2010 at 5:09 PM, Daevid Vincent wrote:
>
> > -Original Message-
> > From: tedd [mailto:t...@sperling.com]
> > Sent: Sunday, September 12, 2010 9:32 AM
> > To: PHP-General list
> > Subject: [PHP] 1984 (Big Brother)
> >
> > Hi gang:
> >
> > I have a client who wants his employees' access to their online
> > business database restricted to only times when he is logged on.
> > (Don't ask why)
> >
> > In other words, when the boss is not logged on, then his employees
> > cannot access the business database in any fashion whatsoever
> > including checking to see if the boss is logged on, or not. No access
> > whatsoever!
> >
> > Normally, I would just set up a field in the database and have that
> > set to "yes" or "no" as to if the employees could access the
> > database, or not. But in this case, the boss does not want even that
> > type of access to the database permitted. Repeat -- No access
> > whatsoever!
> >
> > I was thinking of the boss' script writing to a file that
> > accomplished the "yes" or "no" thing, but if the boss did not log off
> > properly then the file would remain in the "yes" state allowing
> > employees undesired access. That would not be acceptable.
> >
> > So, what methods would you suggest?
> >
> > Cheers,
> >
> > tedd
>
> You sure know how to pick'em Tedd.
>
> This is the second "whacky" client you've posted about on the list...
>
> This guy sounds like a real control-freak (read: tool).
>
> One other thing I'll throw out is the use of a crontab to start/stop mysql
> during "boss's hours". I don't have a complete solution for you as I just
> don't care enough about helping this Dbag lord over his employees like
> that, but I suspect you could have "/etc/init.d/mysql start" or "stop" at
> some pre-determined times like 8am - noon. Then noon till 5pm. Or
> something.
>
> RDBMS are not really designed to be turned on and off like that.
>
> Another option is to maybe use M$ Access instead (which does have a
> multi-user mode). Use ODBC to connect via PHP to it. So then he would start
> up the DB when he likes and shut it down when he likes. (note that a logout
> of Windows will NOT prevent the ODBC connection as it is a service -- as
> God intended RDBMS to be)
> http://www.configure-all.com/php_access.php
>
> This guy is making me angry just thinking about it!
>
> d
>

Yes I've been following this post purely in the hope that someone gets Tedd to explain the client's "logic" on this one. It's one thing for a layman to have this kind of requirement, but another entirely for them to STILL have it after an explanation. I mean part of consulting is to tell the client when they're wrong, for someone to not heed that when they are paying for the advice is mind boggling. *sigh* if only everyone were perfect like me... :p

"Hey lets pay someone to consult us on a subject that we're ignorant of."
"Great idea! And when he makes a suggestion we can totally ignore him! SQL - Shmeequal"

Rant aside; I would defer the logistics to the client. He wants the DB to shutdown when he's not in the office? Ok no problem - not what it was designed to do, but no problem!

"How would you like the system to be aware of whether or not you're in the office? It can assume you are between these hours; You can log into a screen that unlocked it, but then you have to logout; we can put a motion detector in your office; ... etc."

This would put the consequences of the system off on the client. Because if this system works then there will be consequences and you'll look like a jerk :-)

Btw, are there no cron / batch jobs that need to run over night?

Chris
RE: [PHP] 1984 (Big Brother)
> -Original Message-
> From: tedd [mailto:t...@sperling.com]
> Sent: Sunday, September 12, 2010 9:32 AM
> To: PHP-General list
> Subject: [PHP] 1984 (Big Brother)
>
> Hi gang:
>
> I have a client who wants his employees' access to their online
> business database restricted to only times when he is logged on.
> (Don't ask why)
>
> In other words, when the boss is not logged on, then his employees
> cannot access the business database in any fashion whatsoever
> including checking to see if the boss is logged on, or not. No access
> whatsoever!
>
> Normally, I would just set up a field in the database and have that
> set to "yes" or "no" as to if the employees could access the
> database, or not. But in this case, the boss does not want even that
> type of access to the database permitted. Repeat -- No access
> whatsoever!
>
> I was thinking of the boss' script writing to a file that
> accomplished the "yes" or "no" thing, but if the boss did not log off
> properly then the file would remain in the "yes" state allowing
> employees undesired access. That would not be acceptable.
>
> So, what methods would you suggest?
>
> Cheers,
>
> tedd

You sure know how to pick'em Tedd.

This is the second "whacky" client you've posted about on the list...

This guy sounds like a real control-freak (read: tool).

One other thing I'll throw out is the use of a crontab to start/stop mysql during "boss's hours". I don't have a complete solution for you as I just don't care enough about helping this Dbag lord over his employees like that, but I suspect you could have "/etc/init.d/mysql start" or "stop" at some pre-determined times like 8am - noon. Then noon till 5pm. Or something.

RDBMS are not really designed to be turned on and off like that.

Another option is to maybe use M$ Access instead (which does have a multi-user mode). Use ODBC to connect via PHP to it. So then he would start up the DB when he likes and shut it down when he likes. (note that a logout of Windows will NOT prevent the ODBC connection as it is a service -- as God intended RDBMS to be)
http://www.configure-all.com/php_access.php

This guy is making me angry just thinking about it!

d
Re: [PHP] 1984 (Big Brother)
On Mon, Sep 13, 2010 at 12:47:24PM -0400, tedd wrote:

> When I get rich enough to hire myself, then I'll tell myself what to
> do. Until then, I'm just a worker bee and follow the hive.

Oh, heck, you don't have to wait that long. We'll tell you what to do for *free*! ;-}

Paul

--
Paul M. Foster
Re: [PHP] 1984 (Big Brother)
At 12:39 PM -0400 9/13/10, Marc Guay wrote:
>> if steve's idea is something doable.. why don't you consider setting
>> up the mysql data dir on some removable media (thumb/flash drive)?
>
> It seems to me that almost no matter what method you choose, you're
> going to have to ask the client to do something manually - whether
> that's logging out of the website, shutting down his computer,
> removing a thumb drive, or whatever - so you might as well be upfront
> about that and see how he responds. Provide the different options and
> get them to choose one, at some point they'll need to take a bit of
> personal responsibility for the management of this paranoid system.
>
> Marc

Marc:

What everyone has suggested, I have done. But the decision remains the client's.

When I get rich enough to hire myself, then I'll tell myself what to do. Until then, I'm just a worker bee and follow the hive.

Cheers,

tedd

--
---
http://sperling.com/
Re: [PHP] 1984 (Big Brother)
> if steve's idea is something doable.. why don't you consider setting
> up the mysql data dir on some removable media (thumb/flash drive)?

It seems to me that almost no matter what method you choose, you're going to have to ask the client to do something manually - whether that's logging out of the website, shutting down his computer, removing a thumb drive, or whatever - so you might as well be upfront about that and see how he responds. Provide the different options and get them to choose one, at some point they'll need to take a bit of personal responsibility for the management of this paranoid system.

Marc
Re: [PHP] 1984 (Big Brother)
hi tedd,

if steve's idea is something doable.. why don't you consider setting up the mysql data dir on some removable media (thumb/flash drive)?

so the boss can pull it off if he is going home. and it's easy to detect this in code and display a message to system users, something similar to that 'mysql server has gone away' message. (boss has gone away) :)

~viraj

On Mon, Sep 13, 2010 at 7:13 PM, Bob McConnell wrote:
> From: tedd
>
>> At 9:10 AM -0400 9/13/10, Steve Staples wrote:
>>>here's a silly idea...
>>>
>>>put the database on his computer (or the entire app). that way, when
>>>he's *there* he is logged in. if the computer is off, he's not there,
>>>the app won't work (and the database).
>>
>> Silly or not, that *would* work.
>>
>> Now I have to figure out how to do that.
>
> This may be the only way to do it, but it shouldn't be too hard to
> figure out. If he turns off the computer every time he leaves his desk,
> it can be installed anywhere, even as a service. But if he leaves the
> computer on, it has to be on his desktop, probably with an entry in his
> Start directory to start it when he logs in. But he has to actually log
> out of the desktop to block access, not just leave it in the screen
> saver.
>
> Bob McConnell
RE: [PHP] 1984 (Big Brother)
From: tedd

> At 11:55 PM -0400 9/12/10, Paul M Foster wrote:
>>
>>I hate to seem flippant, but here would be my conversation with this
>>customer:
>>
>>Customer: "My employees got access to the database while I was gone
>>yesterday!"
>>
>>Consultant: "Well, let's see. Oh, it appears you didn't properly log
>>out."
>>
>>Customer: "Yes, but I was *gone*. They weren't supposed to be able to
>>access the database unless I'm *here*."
>>
>>Consultant: "The only way we know that is if you log in and log out
>>properly. Now, if you like, we can put a nanny-cam in your office, and
>>whenever you're not there (like in the bathroom), the whole thing shuts
>>down. That will cost $x. Your choice. We've been working on the
>>mind-reading extension to PHP, but it's not finished yet."
>
> Customer: Thanks for your opinion. We'll be in touch.
>
> Customer to his secretary: Let's find someone who knows how to do this.

Anybody that tells him it can be done is lying through their teeth and will just be stealing his money. He probably deserves what he gets in this case.

Bob McConnell
RE: [PHP] 1984 (Big Brother)
From: tedd

> At 9:10 AM -0400 9/13/10, Steve Staples wrote:
>>here's a silly idea...
>>
>>put the database on his computer (or the entire app). that way, when
>>he's *there* he is logged in. if the computer is off, he's not there,
>>the app won't work (and the database).
>
> Silly or not, that *would* work.
>
> Now I have to figure out how to do that.

This may be the only way to do it, but it shouldn't be too hard to figure out. If he turns off the computer every time he leaves his desk, it can be installed anywhere, even as a service. But if he leaves the computer on, it has to be on his desktop, probably with an entry in his Start directory to start it when he logs in. But he has to actually log out of the desktop to block access, not just leave it in the screen saver.

Bob McConnell
Re: [PHP] 1984 (Big Brother)
At 11:55 PM -0400 9/12/10, Paul M Foster wrote:
> I hate to seem flippant, but here would be my conversation with this
> customer:
>
> Customer: "My employees got access to the database while I was gone
> yesterday!"
>
> Consultant: "Well, let's see. Oh, it appears you didn't properly log
> out."
>
> Customer: "Yes, but I was *gone*. They weren't supposed to be able to
> access the database unless I'm *here*."
>
> Consultant: "The only way we know that is if you log in and log out
> properly. Now, if you like, we can put a nanny-cam in your office, and
> whenever you're not there (like in the bathroom), the whole thing shuts
> down. That will cost $x. Your choice. We've been working on the
> mind-reading extension to PHP, but it's not finished yet."

Customer: Thanks for your opinion. We'll be in touch.

Customer to his secretary: Let's find someone who knows how to do this.

Cheers,

tedd

--
---
http://sperling.com/
Re: [PHP] 1984 (Big Brother)
At 9:10 AM -0400 9/13/10, Steve Staples wrote:
> here's a silly idea...
>
> put the database on his computer (or the entire app). that way, when
> he's *there* he is logged in. if the computer is off, he's not there,
> the app won't work (and the database).
>
> Steve

Silly or not, that *would* work.

Now I have to figure out how to do that.

Thanks,

tedd

--
---
http://sperling.com/
Re: [PHP] 1984 (Big Brother)
On Mon, 2010-09-13 at 09:10 -0400, Steve Staples wrote:

> here's a silly idea...
>
> put the database on his computer (or the entire app). that way, when
> he's *there* he is logged in. if the computer is off, he's not there,
> the app won't work (and the database).
>
> Steve
>
> On Mon, 2010-09-13 at 11:26 +0100, Richard Quadling wrote:
> > On 12 September 2010 17:32, tedd wrote:
> > > Hi gang:
> > >
> > > I have a client who wants his employees' access to their online business
> > > database restricted to only times when he is logged on. (Don't ask why)
> > >
> > > In other words, when the boss is not logged on, then his employees cannot
> > > access the business database in any fashion whatsoever including checking
> > > to see if the boss is logged on, or not. No access whatsoever!
> > >
> > > Normally, I would just set up a field in the database and have that set to
> > > "yes" or "no" as to if the employees could access the database, or not.
> > > But in this case, the boss does not want even that type of access to the
> > > database permitted. Repeat -- No access whatsoever!
> > >
> > > I was thinking of the boss' script writing to a file that accomplished the
> > > "yes" or "no" thing, but if the boss did not log off properly then the
> > > file would remain in the "yes" state allowing employees undesired access.
> > > That would not be acceptable.
> > >
> > > So, what methods would you suggest?
> > >
> > > Cheers,
> > >
> > > tedd
> >
> > What operating system is he using?
> >
> > Does he (for example), log into his computer and logoff/shutdown when
> > he goes home?
> >
> > If he is using Windows (and I'm sure there are many ways to achieve
> > this), then in the Startup folder, a small PHP script which sets a
> > flag "I'm here", would allow the DB to know he's at least logged in.
> >
> > There are different ways to do this.
> > http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_21195727.html
> > covers login/logout/startup/shutdown.
> >
> > Do they have a clock card system for clocking in/out the building?
> > Could you read the database that the clockings are logged in? An odd
> > number for the day = he's in, even = he's out, missed clocking =
> > screwed/guess.
> >
> > Ideally you want to "hook" into his normal activity if you can.
> >
> > --
> > Richard Quadling
> > Twitter : EE : Zend
> > @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
> >

That's a genius idea!

Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] 1984 (Big Brother)
here's a silly idea...

put the database on his computer (or the entire app). that way, when he's *there* he is logged in. if the computer is off, he's not there, the app won't work (and the database).

Steve

On Mon, 2010-09-13 at 11:26 +0100, Richard Quadling wrote:
> On 12 September 2010 17:32, tedd wrote:
> > Hi gang:
> >
> > I have a client who wants his employees' access to their online business
> > database restricted to only times when he is logged on. (Don't ask why)
> >
> > In other words, when the boss is not logged on, then his employees cannot
> > access the business database in any fashion whatsoever including checking to
> > see if the boss is logged on, or not. No access whatsoever!
> >
> > Normally, I would just set up a field in the database and have that set to
> > "yes" or "no" as to if the employees could access the database, or not. But
> > in this case, the boss does not want even that type of access to the
> > database permitted. Repeat -- No access whatsoever!
> >
> > I was thinking of the boss' script writing to a file that accomplished the
> > "yes" or "no" thing, but if the boss did not log off properly then the file
> > would remain in the "yes" state allowing employees undesired access. That
> > would not be acceptable.
> >
> > So, what methods would you suggest?
> >
> > Cheers,
> >
> > tedd
>
> What operating system is he using?
>
> Does he (for example), log into his computer and logoff/shutdown when
> he goes home?
>
> If he is using Windows (and I'm sure there are many ways to achieve
> this), then in the Startup folder, a small PHP script which sets a
> flag "I'm here", would allow the DB to know he's at least logged in.
>
> There are different ways to do this.
> http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_21195727.html
> covers login/logout/startup/shutdown.
>
> Do they have a clock card system for clocking in/out the building?
> Could you read the database that the clockings are logged in? An odd
> number for the day = he's in, even = he's out, missed clocking =
> screwed/guess.
>
> Ideally you want to "hook" into his normal activity if you can.
>
> --
> Richard Quadling
> Twitter : EE : Zend
> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
>
Re: [PHP] 1984 (Big Brother)
On 12 September 2010 17:32, tedd wrote:
> Hi gang:
>
> I have a client who wants his employees' access to their online business
> database restricted to only times when he is logged on. (Don't ask why)
>
> In other words, when the boss is not logged on, then his employees cannot
> access the business database in any fashion whatsoever including checking to
> see if the boss is logged on, or not. No access whatsoever!
>
> Normally, I would just set up a field in the database and have that set to
> "yes" or "no" as to if the employees could access the database, or not. But
> in this case, the boss does not want even that type of access to the
> database permitted. Repeat -- No access whatsoever!
>
> I was thinking of the boss' script writing to a file that accomplished the
> "yes" or "no" thing, but if the boss did not log off properly then the file
> would remain in the "yes" state allowing employees undesired access. That
> would not be acceptable.
>
> So, what methods would you suggest?
>
> Cheers,
>
> tedd

What operating system is he using?

Does he (for example), log into his computer and logoff/shutdown when he goes home?

If he is using Windows (and I'm sure there are many ways to achieve this), then in the Startup folder, a small PHP script which sets a flag "I'm here", would allow the DB to know he's at least logged in.

There are different ways to do this.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_21195727.html
covers login/logout/startup/shutdown.

Do they have a clock card system for clocking in/out the building? Could you read the database that the clockings are logged in? An odd number for the day = he's in, even = he's out, missed clocking = screwed/guess.

Ideally you want to "hook" into his normal activity if you can.

--
Richard Quadling
Twitter : EE : Zend
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
Re: [PHP] 1984 (Big Brother)
I'm not sure if I understood your question completely. by database you mean something like phpmyadmin, right?

I would save the latest session id of the boss in a file, and every time an employee tries to log in, verify the time stamp of the session file in the tmp folder. and if the boss logs out... clear off the tmp folder to ensure that the employees don't have further access.
Re: [PHP] 1984 (Big Brother)
On Sun, Sep 12, 2010 at 12:32:21PM -0400, tedd wrote:

> Hi gang:
>
> I have a client who wants his employees' access to their online
> business database restricted to only times when he is logged on.
> (Don't ask why)
>
> In other words, when the boss is not logged on, then his employees
> cannot access the business database in any fashion whatsoever
> including checking to see if the boss is logged on, or not. No access
> whatsoever!
>
> Normally, I would just set up a field in the database and have that
> set to "yes" or "no" as to if the employees could access the
> database, or not. But in this case, the boss does not want even that
> type of access to the database permitted. Repeat -- No access
> whatsoever!
>
> I was thinking of the boss' script writing to a file that
> accomplished the "yes" or "no" thing, but if the boss did not log off
> properly then the file would remain in the "yes" state allowing
> employees undesired access. That would not be acceptable.
>
> So, what methods would you suggest?

I hate to seem flippant, but here would be my conversation with this customer:

Customer: "My employees got access to the database while I was gone yesterday!"

Consultant: "Well, let's see. Oh, it appears you didn't properly log out."

Customer: "Yes, but I was *gone*. They weren't supposed to be able to access the database unless I'm *here*."

Consultant: "The only way we know that is if you log in and log out properly. Now, if you like, we can put a nanny-cam in your office, and whenever you're not there (like in the bathroom), the whole thing shuts down. That will cost $x. Your choice. We've been working on the mind-reading extension to PHP, but it's not finished yet."

Other than the "boss file", I don't see another way. And as you said, if he doesn't log out properly, the boss file will allow access when he didn't intend to allow it.

Paul

--
Paul M. Foster
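Added example, not code from the thread or from any poster: the "boss file" reworked as a short-lived lease, so a missed logout fails closed once the file stops being renewed; it also covers the session-file timestamp idea from the reply before this one. The function names, key, TTL and timestamps are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not from the thread. All names, the key and the TTL are
// assumptions. The lease file lives outside the database, so an employee's
// request is refused before any database connection is opened.

const LEASE_TTL = 120; // seconds a lease stays valid without renewal (assumed)

/** MAC over the expiry time, so the file cannot simply be edited by hand. */
function lease_mac(int $expires, string $key): string
{
    return hash_hmac('sha256', (string) $expires, $key);
}

/** Called periodically from the boss's logged-in session (the heartbeat). */
function renew_lease(string $path, string $key, int $now, int $ttl = LEASE_TTL): bool
{
    $expires = $now + $ttl;
    $tmp = $path . '.tmp';
    if (file_put_contents($tmp, $expires . '|' . lease_mac($expires, $key), LOCK_EX) === false) {
        return false;
    }
    return rename($tmp, $path); // replace in one step: no half-written lease
}

/** Explicit logout: revoke immediately instead of waiting for expiry. */
function revoke_lease(string $path): void
{
    if (is_file($path)) {
        unlink($path);
    }
}

/** Gate run at the top of every employee request. Any doubt means "no". */
function access_allowed(string $path, string $key, int $now): bool
{
    $raw = is_file($path) ? file_get_contents($path) : false;
    if ($raw === false) {
        return false; // no lease at all
    }
    $parts = explode('|', trim($raw));
    if (count($parts) !== 2 || preg_match('/^\d{1,12}$/', $parts[0]) !== 1) {
        return false; // malformed lease
    }
    [$expires, $mac] = $parts;
    if (!hash_equals(lease_mac((int) $expires, $key), $mac)) {
        return false; // expiry was not written by the holder of the key
    }
    return (int) $expires > $now; // stale lease: renewals have stopped
}

// Constructed walk-through with fixed timestamps so the run is repeatable.
$path = tempnam(sys_get_temp_dir(), 'lease');
$key  = 'constructed-demo-key'; // placeholder; a real key stays out of the web root
$t0   = 1284300000;             // constructed timestamp

renew_lease($path, $key, $t0);
$results = [
    'boss renewing, 60 s after heartbeat'        => access_allowed($path, $key, $t0 + 60),
    'boss left without logging out, 121 s later' => access_allowed($path, $key, $t0 + 121),
];

// Constructed tampering case: the expiry is edited without knowing the key.
file_put_contents($path, ($t0 + 86400) . '|' . lease_mac($t0 + LEASE_TTL, $key));
$results['expiry edited by hand'] = access_allowed($path, $key, $t0 + 121);

renew_lease($path, $key, $t0 + 200);
revoke_lease($path);
$results['after explicit logout'] = access_allowed($path, $key, $t0 + 210);

foreach ($results as $case => $allowed) {
    printf("%-45s %s\n", $case, $allowed ? 'allowed' : 'denied');
}
```

The TTL bounds how long access can outlive the last heartbeat; whatever sends the heartbeat still has to stop when the boss leaves, which is the manual-action limit the thread keeps returning to.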
Re: [PHP] 1984 (Big Brother)
On Sun, Sep 12, 2010 at 06:07:57PM -0500, Tamara Temple wrote:

>
> I've been in business and technology consulting for years and years,
> and very successful at getting customer's desired outcomes. I don't
> think their notions "strange" or "unusual" -- just that without
> further elicitation, one cannot understand what they are truly
> desiring, and to find out what they don't want as an outcome of their
> up-front stated goals.
>
> >I don't pass judgement. I simply advise (based upon my limited
> >understanding of things) and let the client make the calls. After
> >all, he's the one paying the bills and he has answers for the
> >remainder of your questions.
>
> It's not a question of passing judgement on someone's ideas. It's a
> question of finding the best solution for the customer's actual needs
> and desires. It's almost always the case that further exploration of
> the customer's concerns behind their thoughts has proven to give them
> a much more robust and useful solution and gets them what they are
> really after. Most people aren't aware of the assumptions and
> conclusions they have. Eliciting more information can lead to better
> solutions for all. Blind faith in the customer's stated requirements
> can lead one to a disastrous conclusion. It's been said all over the
> net that customers don't really know what they want until they see it.
> Further, that they don't know what they don't want until it happens to
> them. I believe in delivering the most value to the customer for their
> money, and that means understanding their needs as best as possible,
> and that is done by exploring their business models, assumptions, and
> needs.

+1

I won't argue with Tedd about this, but perhaps this is why I don't do business consulting any more. When I would come across a customer like this, I would argue with them and probe until I found out what they were *really* trying to do. It was usually some confused idea they had about something, or something they were doing which wasn't entirely ethical they were trying to cover.

But again, it's Tedd's client. He can do as he likes.

Paul

--
Paul M. Foster
Re: [PHP] 1984 (Big Brother)
On Sep 12, 2010, at 4:48 PM, tedd wrote:

At 4:05 PM -0500 9/12/10, Tamara Temple wrote:

Sounds like there are some security concerns here.

On Sep 12, 2010, at 11:32 AM, tedd wrote:

I have a client who wants his employees' access to their online business database restricted to only times when he is logged on. (Don't ask why)

I do wonder why, though. Perhaps this is an opportunity to educate someone about security and privacy and web applications? Does he feel that by being logged in, he can control every aspect of connection to the data base? Or even be aware of every access to the data base? What is he hoping to accomplish by being logged in? Does he propose to actively monitor the data base transactions in real time while he's at work? What is he hoping to avoid by requiring his logged in state before anyone else can access the data base? Just being logged in won't dissuade a cracker from attacking his data if they so choose, nor will it prevent a disgruntled employee from damaging the data while he's logged in if they have the expertise and means.

Tamara: I said "Don't ask why"

Wondering isn't asking. I don't personally care why. It's not my client, not my business, not my problem.

You see, people often have strange notions about "their" business or unusual ideas about how to do things. That goes with consulting. While many may find that odd, but some of the most revolutionary ideas come from such unusual thinking.

I've been in business and technology consulting for years and years, and very successful at getting customer's desired outcomes. I don't think their notions "strange" or "unusual" -- just that without further elicitation, one cannot understand what they are truly desiring, and to find out what they don't want as an outcome of their up-front stated goals.

I don't pass judgement. I simply advise (based upon my limited understanding of things) and let the client make the calls. After all, he's the one paying the bills and he has answers for the remainder of your questions.

It's not a question of passing judgement on someone's ideas. It's a question of finding the best solution for the customer's actual needs and desires. It's almost always the case that further exploration of the customer's concerns behind their thoughts has proven to give them a much more robust and useful solution and gets them what they are really after. Most people aren't aware of the assumptions and conclusions they have. Eliciting more information can lead to better solutions for all. Blind faith in the customer's stated requirements can lead one to a disastrous conclusion. It's been said all over the net that customers don't really know what they want until they see it. Further, that they don't know what they don't want until it happens to them. I believe in delivering the most value to the customer for their money, and that means understanding their needs as best as possible, and that is done by exploring their business models, assumptions, and needs.
Re: [PHP] 1984 (Big Brother)
At 4:05 PM -0500 9/12/10, Tamara Temple wrote:

Sounds like there are some security concerns here.

On Sep 12, 2010, at 11:32 AM, tedd wrote:

I have a client who wants his employees' access to their online business database restricted to only times when he is logged on. (Don't ask why)

I do wonder why, though. Perhaps this is an opportunity to educate someone about security and privacy and web applications? Does he feel that by being logged in, he can control every aspect of connection to the data base? Or even be aware of every access to the data base? What is he hoping to accomplish by being logged in? Does he propose to actively monitor the data base transactions in real time while he's at work? What is he hoping to avoid by requiring his logged in state before anyone else can access the data base? Just being logged in won't dissuade a cracker from attacking his data if they so choose, nor will it prevent a disgruntled employee from damaging the data while he's logged in if they have the expertise and means.

Tamara: I said "Don't ask why"

You see, people often have strange notions about "their" business or unusual ideas about how to do things. That goes with consulting. While many may find that odd, but some of the most revolutionary ideas come from such unusual thinking.

For example, take a look at Henry Ford at his investigation and research to control not only what people work on, but how they perform their work. Without his efforts, I would think the idea of the assembly line would have surfaced many years later by someone else with similar ideas.

I'm sure that many people would look upon Steve Jobs and what he expects from his employees and think that odd, but look at the results.

I don't pass judgement. I simply advise (based upon my limited understanding of things) and let the client make the calls. After all, he's the one paying the bills and he has answers for the remainder of your questions.

Cheers,

tedd

--
---
http://sperling.com/
Re: [PHP] 1984 (Big Brother)
Sounds like there are some security concerns here.

On Sep 12, 2010, at 11:32 AM, tedd wrote:

I have a client who wants his employees' access to their online business database restricted to only times when he is logged on. (Don't ask why)

I do wonder why, though. Perhaps this is an opportunity to educate someone about security and privacy and web applications? Does he feel that by being logged in, he can control every aspect of connection to the data base? Or even be aware of every access to the data base? What is he hoping to accomplish by being logged in? Does he propose to actively monitor the data base transactions in real time while he's at work? What is he hoping to avoid by requiring his logged in state before anyone else can access the data base? Just being logged in won't dissuade a cracker from attacking his data if they so choose, nor will it prevent a disgruntled employee from damaging the data while he's logged in if they have the expertise and means. Also, what happens when he's sick or incapacitated some day and can't log in to the data base. Does he expect his business to continue without his presence or does it also shut down for the day? This just seems like an excessive amount of paranoia that his solution won't provide an answer for. It seems like a poor business decision on his part.

In other words, when the boss is not logged on, then his employees cannot access the business database in any fashion whatsoever including checking to see if the boss is logged on, or not. No access whatsoever!

What about access to the web application while he's not logged in? Do they still have that? If someone is determined, they can still learn a lot.

Normally, I would just set up a field in the database and have that set to "yes" or "no" as to if the employees could access the database, or not. But in this case, the boss does not want even that type of access to the database permitted. Repeat -- No access whatsoever!

I was thinking of the boss' script writing to a file that accomplished the "yes" or "no" thing, but if the boss did not log off properly then the file would remain in the "yes" state allowing employees undesired access. That would not be acceptable.

So, what methods would you suggest?

What about access to a parallel data base that only contains information pertaining to access? i.e. separate out the application's authentication and access control from the main data base and put it in a parallel data base.
Re: [PHP] 1984 (Big Brother)
tedd wrote:

> Hi gang:
>
> I have a client who wants his employees' access to their online
> business database restricted to only times when he is logged on.
> (Don't ask why)
>
> In other words, when the boss is not logged on, then his employees
> cannot access the business database in any fashion whatsoever
> including checking to see if the boss is logged on, or not. No access
> whatsoever!
>
> Normally, I would just set up a field in the database and have that
> set to "yes" or "no" as to if the employees could access the
> database, or not. But in this case, the boss does not want even that
> type of access to the database permitted. Repeat -- No access
> whatsoever!
>
> I was thinking of the boss' script writing to a file that
> accomplished the "yes" or "no" thing, but if the boss did not log off
> properly then the file would remain in the "yes" state allowing
> employees undesired access. That would not be acceptable.
>
> So, what methods would you suggest?

I would ask the boss to confirm his presence maybe once an hour and only allow employees access when the last such confirmation is less than an hour old.

--
Per Jessen, Zürich (21.4°C)
Re: [PHP] 1984 (Big Brother)
On Sun, 2010-09-12 at 12:32 -0400, tedd wrote:

> Hi gang:
>
> I have a client who wants his employees' access to their online
> business database restricted to only times when he is logged on.
> (Don't ask why)
>
> In other words, when the boss is not logged on, then his employees
> cannot access the business database in any fashion whatsoever
> including checking to see if the boss is logged on, or not. No access
> whatsoever!
>
> Normally, I would just set up a field in the database and have that
> set to "yes" or "no" as to if the employees could access the
> database, or not. But in this case, the boss does not want even that
> type of access to the database permitted. Repeat -- No access
> whatsoever!
>
> I was thinking of the boss' script writing to a file that
> accomplished the "yes" or "no" thing, but if the boss did not log off
> properly then the file would remain in the "yes" state allowing
> employees undesired access. That would not be acceptable.
>
> So, what methods would you suggest?
>
> Cheers,
>
> tedd
>
> --
> ---
> http://sperling.com/
>

What about using the timestamp of that file as well? Then have the boss's login update the file periodically, and the employees can only access if the file exists and is of a certain age or newer. That should solve the easiest problem, although you still are left with the issue of the boss...

Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] 1984 (Big Brother)
Tedd-

Would he consider access to another database? I.e. a separate, say memcached db which stores the "boss" status?

An issue with the temporary file would also be session length, if the session expires without the user explicitly logging off, the file wouldn't be removed. A way to bypass this would be to add some sort of session expiration header to the file and update that.

And couldn't you make a simple check if the boss is logged in or not by the ability to access the database?

Regards,

-Josh

Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com

On Sep 12, 2010, at 12:32 PM, tedd wrote:

> Hi gang:
>
> I have a client who wants his employees' access to their online business
> database restricted to only times when he is logged on. (Don't ask why)
>
> In other words, when the boss is not logged on, then his employees cannot
> access the business database in any fashion whatsoever including checking to
> see if the boss is logged on, or not. No access whatsoever!
>
> Normally, I would just set up a field in the database and have that set to
> "yes" or "no" as to if the employees could access the database, or not. But
> in this case, the boss does not want even that type of access to the database
> permitted. Repeat -- No access whatsoever!
>
> I was thinking of the boss' script writing to a file that accomplished the
> "yes" or "no" thing, but if the boss did not log off properly then the file
> would remain in the "yes" state allowing employees undesired access. That
> would not be acceptable.
>
> So, what methods would you suggest?
>
> Cheers,
>
> tedd
>
> --
> ---
> http://sperling.com/
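
The expiring "boss file" proposed in this thread (Per Jessen's hourly confirmation, Ash's file timestamp, Joshua's expiry stored in the file), sketched as an added example that is not code from any poster. The function names, file path and one-hour TTL are assumptions; the gate reads only the file, so the employee application never touches the database to learn the boss's status.

```php
<?php
// Added example, not code from the thread. Names, path and TTL are assumptions.
const LEASE_TTL = 3600; // seconds: the one-hour window suggested in the thread

// Called from the boss's authenticated session at login and at each confirmation.
function boss_heartbeat(string $file, int $now): void
{
    // Write a temp file and rename it so a reader never sees a half-written lease.
    $tmp = $file . '.' . bin2hex(random_bytes(6)) . '.tmp';
    if (file_put_contents($tmp, (string) ($now + LEASE_TTL)) === false
        || !rename($tmp, $file)) {
        @unlink($tmp);
        throw new RuntimeException('could not renew lease');
    }
}

// Explicit logout revokes at once; a forgotten logout just lets the lease lapse.
function boss_logout(string $file): void
{
    if (is_file($file)) {
        unlink($file);
    }
}

// Gate the employee application runs before it opens any database connection.
function employees_may_access(string $file, int $now): bool
{
    $raw = @file_get_contents($file);
    if ($raw === false || !ctype_digit($raw)) {
        return false; // missing, unreadable or malformed lease: deny
    }
    $expires = (int) $raw;
    // Deny expired leases, and leases dated more than one TTL ahead
    // (clock fault or a hand-edited file).
    return $now < $expires && $expires <= $now + LEASE_TTL;
}

// Constructed timeline: the boss confirms once and never logs out.
$file = sys_get_temp_dir() . '/boss.lease.' . getmypid();
$t0 = 1284282000; // constructed timestamp
boss_heartbeat($file, $t0);
var_dump(employees_may_access($file, $t0 + 600));  // ten minutes after confirming
var_dump(employees_may_access($file, $t0 + 3601)); // just past the hour, no logout
file_put_contents($file, 'yes');                   // old-style yes/no flag content
var_dump(employees_may_access($file, $t0 + 600));
boss_logout($file);
var_dump(employees_may_access($file, $t0 + 600));  // after an explicit logout
```

The gate only holds if the lease file sits outside the web root and is writable solely by the account that runs the boss's script.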