[Asterisk-biz] A question about ethics, I suppose

steve szmidt steve at szmidt.org
Thu May 26 10:50:10 MST 2005


On Thursday 26 May 2005 13:19, Joey Kelly wrote:
> On Monday May 23 2005 19:04, Michael Giagnocavo spake:
> > Even better is leaving a "secret" backdoor, that they AGREE to. Sure, if
> > they hire good enough people they can disable it. But at least it gives
> > you some level of security.
>
> This is a BAD IDEA. We're quick to complain about security holes in others'
> software, aren't we? A secret back door won't remain secret for long.

Yeah, that's not a good idea. What you do is put a module that require you to 
enter a code on a specific date. If that does not occur it stops working.

I also like using a counter rather than a date. After so many hours it shuts 
down. Set into the future not on the due date. Makes it work with late 
payments to some degree. Then give a Fatal System Error.

You need one field that either counts up or down, and then one with a coded 
value that matches a hard coded value. So if the db is emptied it does not 
have the proper value. (Of course you can really go to town on this kind of 
setup. I just don't find simple date checks to be effective as it's commonly 
known, and just as easily circumvented.)

The liability is that it needs to be shut down once they pay. You don't want 
it to create a problem later. This I usually solve by having a "fix" which 
does away with that module.
-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety 
deserve neither liberty nor safety."
                                Benjamin Franklin



More information about the asterisk-biz mailing list