Security Question

3 replies to this topic

#1 scottybwoy


Posted 07 September 2006 - 08:59 AM

Didn't really know if I should put this here, but it does have a little to do with PHP, so here goes.

I'm developing an intranet system for my company, which runs Win2k throughout.  My login script works from active users on the server.  These users must be entered into the database before they can log on and are only allowed one session at a time.  So when they are at work it should be fine, yeah?  But when they are at home and their computers are off, is the information safe?  Only 3 users will have access to delete records, and only one directory has execution rights, containing just two files.

Thanks in advance

#2 MaaSTaaR


Posted 07 September 2006 - 10:16 AM

I don't know if I understand you correctly, but as I understand it you want to deactivate some accounts when their users aren't in the company.

If I am right, I think you have two solutions. The first solution is to deactivate these accounts after X o'clock; I mean, in the login script you can check the server time: if the server time is 3 PM or higher, stop the login; otherwise, if the time is between 8 AM and 2 PM, log in without any problem.

The second solution, which you can do if you have a Unix server, is by cron jobs.
Sorry for my bad English, it's not my mother language and I am still learning it :)

#3 scottybwoy


Posted 08 September 2006 - 10:10 AM

Hi. Yeah, that's correct, although I really wanted to know if this is a secure way of doing it really, as there is no real login so to speak.  There is of course, but it is done in the background, via the usernames within the network.  We're using Win 2k also.  So when a user logs into any machine (Windows Authentication), their user name is grabbed when index.php is executed, then compared against the names in the database; if it's there, let them to the home page, if not, tell them to contact the administrator to set up an account for them.  Just wondered if people could easily hack it if the computers were turned off at night, and the users were logged in most of the day, only allowing 1 session at a time for each user?
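
The check described in posts #2 and #3, written out as an added example that is not part of the thread and not any poster's code: it accepts a user name only when the web server itself authenticated the request, compares it with the registered names, and applies a login-hours window. The function names, the sample accounts, the 08:00 to 15:00 window (one reading of post #2) and the use of `AUTH_USER`/`REMOTE_USER` (which of the two is populated depends on the web server) are assumptions.

```php
<?php
// Added example: names, sample data and the 08:00-15:00 window are assumptions.

/** Return the bare account name the web server authenticated, or null. */
function authenticatedUser(array $server): ?string
{
    // AUTH_TYPE is empty when the request was served anonymously; a user
    // name arriving any other way (form field, header, cookie) is
    // client-controlled and must not be trusted.
    if (empty($server['AUTH_TYPE'])) {
        return null;
    }
    $raw = $server['AUTH_USER'] ?? $server['REMOTE_USER'] ?? '';
    // Integrated Windows authentication reports DOMAIN\user; keep the user part.
    $pos = strrpos($raw, '\\');
    $name = strtolower($pos === false ? $raw : substr($raw, $pos + 1));
    return $name === '' ? null : $name;
}

/** Decide access: authenticated, registered, and inside working hours. */
function mayEnter(array $server, array $registered, DateTimeImmutable $now): string
{
    $user = authenticatedUser($server);
    if ($user === null) {
        return 'deny: no server-authenticated identity';
    }
    if (!in_array($user, $registered, true)) {
        return 'deny: contact the administrator to set up an account';
    }
    $hour = (int) $now->format('G');
    if ($hour < 8 || $hour >= 15) {
        return 'deny: outside login hours';
    }
    return "allow: $user";
}

// Constructed sample data (stands in for the database table and $_SERVER).
$registered = ['alice', 'bob'];
$cases = [
    [['AUTH_TYPE' => 'NTLM', 'AUTH_USER' => 'CORP\\Alice'], '2006-09-08 10:10'],
    [['AUTH_TYPE' => 'NTLM', 'AUTH_USER' => 'CORP\\Alice'], '2006-09-08 22:00'],
    [['AUTH_TYPE' => 'NTLM', 'AUTH_USER' => 'CORP\\mallory'], '2006-09-08 10:10'],
    [['REMOTE_USER' => 'alice'], '2006-09-08 10:10'], // anonymous request
];
foreach ($cases as [$server, $when]) {
    echo mayEnter($server, $registered, new DateTimeImmutable($when)), PHP_EOL;
}
```

If anonymous access is left enabled on the site, `AUTH_TYPE` stays empty and every request is denied, which is the failure mode to prefer over silently trusting an unauthenticated name.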

#4 redarrow


Posted 08 September 2006 - 10:18 AM

As an administrator you should let users only sign up their user accounts with letters and numbers and use them as Microsoft described to all admins when learning the administration panel within Windows.

If the users' accounts are set in a good fashion then I see no problem.

But if the administrator is letting users make accounts with stupid usernames and passwords then you might get hacked by someone coming across the company website that is linked to the intranet.

In your case it all comes down to user accounts made via admin for security purposes.
Good luck.
Wish I knew all about PHP DAM I will have to learn
