@ub and @cb issues - an idea

Bill Akers billa at mgmindustries.com
Wed Apr 21 12:52:57 PDT 2004


Jay R. Ashworth wrote:
> On Wed, Apr 21, 2004 at 01:09:32PM -0400, GCC Consulting wrote:
> 
>>I wrote a physician's credentialing system which required much more
>>tracking of who did what & when then even the *nix system maintained
>>fields offered. It took a separate file(s) to track the information
>>management wanted as to who did what & when. This included who
>>looked or printed information(when by date & time) and 10 levels of
>>modification tracking (complete "secret" copies of before(when "<U>
>>was pressed & after snapshots of the data). Too much information to
>>just track the change. It took 12 screens to get all of the data.
> 
> 
> Ah, yes; auditing.

I had a package with similar audting, although not quite that extensive. 
         All users logged in under one unix login name to generate the 
ticket. It was to their advantage to properly identify themselves as the 
originator of the ticket for several reasons, including that they would 
be fired if their productivity was too low. The reason that we used one 
login was that a terminal would stay logged in all day and everyone who 
worked there would use any terminal that was available. It was 
absolutely necessary to do this because of the nature of the business. 
No one had an assigned work ststion. It therefore became necessary to 
have user names in a file along with passwords, and to have passworded 
access to the some functions of the system, especially to any areas 
where modifications of a ticket could be made after it was stored. 
Generally only certain trusted employees could modify stored informstion.

> 
> I've often wished for a *clean* way to get "what this field had in it
> before I changed it" in WLF processing -- one, that is, that didn't
> require either a WEF* with a temp dummy that couldn't have the proper
> edit, or a separate routine for each field -- @PV would be nice.  :-)
> 
> 
>>The above system had it's own login file controlling access to the
>>system. One set of files was available to anyone. The other file
>>had permission controls applied even before any data could be seen.
>>This file required a second login to insure that someone other then
>>the person logged in to the computer wasn't trying to access the
>>restricted file.
> 
> 
> I'm curious; assuming this was on Unix, why wasn't checking @ID good
> enough for the security you needed?

Unless you are using controlled terminals that are locked by the user 
when he/she leaves the work area, @id most likely will not work well as 
almost anyone in an office that does the same job could use the terminal 
for a period of time, especially if they happen, for instance, to answer 
the phone at that station and need to look up and maybe modify a 
workorder. But if you use a user/password system for modifications to 
the workorder then you will know who does what, regardless of who is 
logged in at that station, unless the office manager is lack-a-daisical 
about security and hands out user'slogin names and passwords like they 
were M&M's.

> 
> Cheers,
> -- jra



-- 
William Akers
MGM Industries, Inc.
Hendersonville TN USA



More information about the Filepro-list mailing list