Backdoor Entrances

[maxudaskin]

I have got a few questions for you.

 

Do you code secret login entrances?

 

If so, do you give it the same permissions as administrator accounts?

 

Do you hardwire it into the code (code it DIRECTLY into the code or put it in the same place as all of the other accounts [eg. database])?

 

Anything else you do with a secret backdoor entrance?

[corbin]

In a lot of situations, that would be straight up illegal.

 

 

 

I must admit that I have done it once, but it was not a formal deal (I was helping them pretty much as a volunteer), and I had suspected that things would turn sour at some point (it involved e-politics between two factions of a community).  The only thing my backdoor could do though was delete my own scripts, which I morally had no issues with, and I knew they would have no legal issues with.

 

 

 

 

But as far as a business setting goes, or even a formal volunteer setting, that's a horrible idea.

[Philip]

Never, and there should never be a reason to.

 

If you are the site administrator you should have full access to the site/server's control panel/root account, thus having access to everything you need. If it's for a client, it must be stated in the contract - I always just give myself an admin account so if they need help it's 2 clicks away for me.

[maxudaskin]

Is there any case that it'd be acceptable? Is there any good use for it? Ect. They accidentally delete all of the database users?

[corbin]

I can't think of a single situation in which a "backdoor entrance" would be OK.

 

 

x.x.

 

 

If they knew about it, that would be different, but the term "backdoor" implies that you are the only person with knowledge of it.

[Philip]

Is there any case that it'd be acceptable? Is there any good use for it? Ect. They accidentally delete all of the database users?

 

Well, if that were the case - I'd have backups made, and charge by the hour to fix their mistakes. It'll teach them a lesson

[maxudaskin]

Is there any case that it'd be acceptable? Is there any good use for it? Ect. They accidentally delete all of the database users?

 

Well, if that were the case - I'd have backups made, and charge by the hour to fix their mistakes. It'll teach them a lesson

But I am doing this for volunteer hours... I hope (as long as my High School will accept it towards the 40 hours mandatory community service hours).

[corbin]

What good would you hope to achieve from having a backdoor?

 

 

Why would you volunteer to do something and then undo it?

[maxudaskin]

I am not putting in code to undo anything, but to gain access if needed, but you are right, if they need help, either grant me access or tough luck.