[DUG] In case you're interested (or buy stuff)
Dennis Chuah
dennis_cs_chuah at hotmail.com
Thu May 4 13:17:23 NZST 2006
Backdoors are inherently dangerous. If found out, they can be exploited to
hack into your client's system.

> What do you do if the client phones up and they have lost their password
> to access your app?

Integrate with Active Directory and you never have to worry about passwords,
etc. again. Push the problem back to the client and let their IT dept sort
it out themselves.

> What do you do if the user has sent their database over for some fault
> finding and you can't access it without the client's password?

Surely, you can compile a local version of the application that does not
require passwords.

> What do you do when you are contracting and you want to prove you did
> [snip]

Source Control.

Furthermore, if you have been contracted to work as part of a team, then by
virtue of your source code check-ins, you have proved that you did the
work.

Otherwise, if you have been contracted to complete an application / module,
outside of the team, then the delivery of the application / module is proof
enough!

In any case, I think putting your name into source code is very poor
practice. It is better to write good requirements and add comments rather
than rely on the knowledge of the programmer. Use source control to keep an
audit trail of changes.
----- Original Message -----
From: "Rohit Gupta" <r.gupta at xtra.co.nz>
To: "NZ Borland Developers Group - Delphi List" <delphi at ns3.123.co.nz>
Sent: Thursday, May 04, 2006 10:51 AM
Subject: Re: [DUG] In case you're interested (or buy stuff)
> Really!!
> What do you do if the client phones up and they have lost their password
> to access your app?
> What do you do if the user has sent their database over for some fault
> finding and you can't access it without the client's password?
>
> What do you do when you are contracting and you want to prove you did the
> work, but the idiotic contractee keeps removing all reference to you from
> the code? One memorable instance of this was when I wrote a CPM clone
> optimised for Z80 for Sord Computers and they kept removing my name from
> the code. Eventually I had to invent an error message and code that
> looked legit. But if three specific keys were pressed simultaneously, it
> popped up a message saying that I wrote it.
>
> We generally have a continuously variable master password to let us in as
> a legit user. There are also various environment variables, registry
> entries and ini file settings that allow us to maintain the system
> effectively.
>
> For any of these to work, we need physical access to the machine with the
> app and database. We don't any remotely controlled access.
>
> Here's an interesting point relating to Elsie4, the Bonus Bonds app. It
> runs on Windows but Windows has been restricted and hobbled so that you
> cannot do anything else but run the app. When the device is at our
> office, we can still get in though to change printers or apply updates
> etc. Is this a back door?
>
> tracey wrote:
>> Your only app without a back door???
>> That sounds pretty scary to me. How many other devs leave back doors???