[Asterisk-biz] A question about ethics, I suppose
steve szmidt
steve at szmidt.org
Thu May 26 10:50:10 MST 2005
On Thursday 26 May 2005 13:19, Joey Kelly wrote:
> On Monday May 23 2005 19:04, Michael Giagnocavo spake:
> > Even better is leaving a "secret" backdoor, that they AGREE to. Sure, if
> > they hire good enough people they can disable it. But at least it gives
> > you some level of security.
>
> This is a BAD IDEA. We're quick to complain about security holes in others'
> software, aren't we? A secret back door won't remain secret for long.
Yeah, that's not a good idea. What you do is put a module that require you to
enter a code on a specific date. If that does not occur it stops working.
I also like using a counter rather than a date. After so many hours it shuts
down. Set into the future not on the due date. Makes it work with late
payments to some degree. Then give a Fatal System Error.
You need one field that either counts up or down, and then one with a coded
value that matches a hard coded value. So if the db is emptied it does not
have the proper value. (Of course you can really go to town on this kind of
setup. I just don't find simple date checks to be effective as it's commonly
known, and just as easily circumvented.)
The liability is that it needs to be shut down once they pay. You don't want
it to create a problem later. This I usually solve by having a "fix" which
does away with that module.
--
Steve Szmidt
"They that would give up essential liberty for temporary safety
deserve neither liberty nor safety."
Benjamin Franklin
More information about the asterisk-biz
mailing list