@ub and @cb issues - an idea
Jay R. Ashworth
jra at baylink.com
Wed Apr 21 14:25:09 PDT 2004
On Wed, Apr 21, 2004 at 02:52:57PM -0500, Bill Akers wrote:
> > Ah, yes; auditing.
>
> I had a package with similar auditing, although not quite that extensive.
> All users logged in under one unix login name to generate the
> ticket. It was to their advantage to properly identify themselves as the
> originator of the ticket for several reasons, including that they would
> be fired if their productivity was too low. The reason that we used one
> login was that a terminal would stay logged in all day and everyone who
> worked there would use any terminal that was available. It was
> absolutely necessary to do this because of the nature of the business.
Ah, yes; Point of Sale. :-)
> No one had an assigned work station. It therefore became necessary to
> have user names in a file along with passwords, and to have passworded
> access to some functions of the system, especially to any areas
> where modifications of a ticket could be made after it was stored.
> Generally only certain trusted employees could modify stored information.
See below.
> >>The above system had its own login file controlling access to the
> >>system. One set of files was available to anyone. The other file
> >>had permission controls applied even before any data could be seen.
> >>This file required a second login to ensure that someone other than
> >>the person logged in to the computer wasn't trying to access the
> >>restricted file.
> >
> > I'm curious; assuming this was on Unix, why wasn't checking @ID good
> > enough for the security you needed?
>
> Unless you are using controlled terminals that are locked by the user
> when he/she leaves the work area, @id most likely will not work well as
> almost anyone in an office that does the same job could use the terminal
> for a period of time, especially if they happen, for instance, to answer
> the phone at that station and need to look up and maybe modify a
> workorder. But if you use a user/password system for modifications to
> the workorder then you will know who does what, regardless of who is
> logged in at that station, unless the office manager is lackadaisical
> about security and hands out users' login names and passwords like they
> were M&M's.
If procedure isn't secure, no mechanism is capable of being so.
Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Member of the Technical Staff Baylink RFC 2100
The Suncoast Freenet The Things I Think
Tampa Bay, Florida http://baylink.pitas.com +1 727 647 1274
"They had engineers in my day, too." -- Perry Vance Nelson