scottybwoy

Security Question

Didn't really know if I should put this here, but it does have a little to do with PHP, so here goes.

I'm developing an intranet system for my company, which runs Win2k throughout.  My login script works from active users on the server.  These users must be entered into the database before they can log on and are only allowed one session at a time.  So when they are at work it should be fine, yeah?  But when they are at home and their computers are off, is the information safe?  Only 3 users will have access to delete records, and only one directory has execution rights, containing just two files.

Thanks in advance

I don't know if I understand you correctly, but as I understand it you want to deactivate some accounts when their users aren't in the company.

If I'm right, I think you have two solutions. The first solution is to deactivate these accounts after X o'clock. I mean, in the login script you can check the server time: if the server time is 3 PM or later, stop the login; otherwise, if the time is between 8 AM and 2 PM, log in without any problem.

The second solution, which you can do if you have a Unix server, is by cron jobs.

Hi. Yeah, that's correct, although I really wanted to know if this is a secure way of doing it, as there is no real login so to speak.  There is of course, but it is done in the background, via the usernames within the network.  We're using Win 2k also.  So when a user logs into any machine (Windows Authentication), their user name is grabbed when index.php is executed, then compared against the names in the database; if it's there, let them through to the home page, if not, tell them to contact the administrator to set up an account for them.  Just wondered if people could easily hack it if the computers were turned off at night, and the users were logged in most of the day, only allowing 1 session at a time for each user?

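
The check described in the posts above, as an added example that is not part of the thread: it takes the username only from the server-authenticated identity, looks it up in the database, and allows one session per user within the suggested hours. It assumes the web server performs Windows authentication and populates `AUTH_USER` or `REMOTE_USER`; the `CORP` domain, the `intranet_users` table and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the web server itself performs
// Windows authentication and exposes the result as AUTH_USER / REMOTE_USER.
// The domain "CORP", table and column names are hypothetical.

function authenticatedUser(array $server, string $domain = 'CORP'): ?string
{
    // Trust only the server-populated value, never a form field, cookie or header.
    $raw = $server['AUTH_USER'] ?? $server['REMOTE_USER'] ?? '';
    $parts = explode('\\', $raw, 2);       // expected form: DOMAIN\user
    if (count($parts) !== 2 || strcasecmp($parts[0], $domain) !== 0 || $parts[1] === '') {
        return null;                       // anonymous, malformed or foreign-domain identity
    }
    return strtolower($parts[1]);
}

function authorize(PDO $db, array $server, string $sessionId, int $hour): string
{
    $user = authenticatedUser($server);
    if ($user === null) {
        return 'deny: not authenticated by the server';
    }
    if ($hour < 8 || $hour >= 15) {        // time window suggested in the first reply
        return 'deny: outside working hours';
    }
    $q = $db->prepare('SELECT session_id FROM intranet_users WHERE username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'deny: contact the administrator to set up an account';
    }
    if ($row['session_id'] !== null && $row['session_id'] !== $sessionId) {
        return 'deny: another session is already active';
    }
    $u = $db->prepare('UPDATE intranet_users SET session_id = ? WHERE username = ?');
    $u->execute([$sessionId, $user]);
    return "allow: $user";
}

// Constructed sample data in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE intranet_users (username TEXT PRIMARY KEY, session_id TEXT)');
$db->exec("INSERT INTO intranet_users VALUES ('alice', NULL)");
echo authorize($db, ['AUTH_USER' => 'CORP\\alice'], 's1', 10), "\n"; // listed user
echo authorize($db, ['AUTH_USER' => 'CORP\\alice'], 's2', 10), "\n"; // same user, second session
echo authorize($db, ['AUTH_USER' => 'CORP\\bob'], 's3', 10), "\n";   // user not in the table
echo authorize($db, [], 's4', 10), "\n";                             // no server-side identity
echo authorize($db, ['AUTH_USER' => 'CORP\\alice'], 's1', 22), "\n"; // listed user, 10 PM
```

On a real deployment the session check and update should run as one transaction, and `session_id` has to be cleared on logout or expiry so a user is not locked out.
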
As an administrator you should let users only sign up their user accounts with letters and numbers, and use them as Microsoft described to all admins when learning the administration panel within Windows.

If the users' accounts are set up in a good fashion then I see no problem.

But if the administrator is letting users make accounts with stupid usernames and passwords, then you might get hacked by someone coming across the company website that is linked to the intranet.

In your case it all comes down to user accounts made via admin for security purposes.
Good luck.
