@ub and @cb issues - an idea

Jay R. Ashworth jra at baylink.com
Wed Apr 21 14:25:09 PDT 2004


On Wed, Apr 21, 2004 at 02:52:57PM -0500, Bill Akers wrote:
> > Ah, yes; auditing.
> 
> I had a package with similar auditing, although not quite that extensive. 
> All users logged in under one unix login name to generate the 
> ticket. It was to their advantage to properly identify themselves as the 
> originator of the ticket for several reasons, including that they would 
> be fired if their productivity was too low. The reason that we used one 
> login was that a terminal would stay logged in all day and everyone who 
> worked there would use any terminal that was available. It was 
> absolutely necessary to do this because of the nature of the business. 

Ah, yes; Point of Sale.  :-)

> No one had an assigned work station. It therefore became necessary to 
> have user names in a file along with passwords, and to have passworded 
> access to some functions of the system, especially to any areas 
> where modifications of a ticket could be made after it was stored. 
> Generally only certain trusted employees could modify stored information.

See below.

> >>The above system had its own login file controlling access to the
> >>system. One set of files was available to anyone. The other file
> >>had permission controls applied even before any data could be seen.
> >>This file required a second login to ensure that someone other than
> >>the person logged in to the computer wasn't trying to access the
> >>restricted file.
> > 
> > I'm curious; assuming this was on Unix, why wasn't checking @ID good
> > enough for the security you needed?
> 
> Unless you are using controlled terminals that are locked by the user 
> when he/she leaves the work area, @id most likely will not work well as 
> almost anyone in an office that does the same job could use the terminal 
> for a period of time, especially if they happen, for instance, to answer 
> the phone at that station and need to look up and maybe modify a 
> workorder. But if you use a user/password system for modifications to 
> the workorder then you will know who does what, regardless of who is 
> logged in at that station, unless the office manager is lackadaisical 
> about security and hands out users' login names and passwords like they 
> were M&M's.

If procedure isn't secure, no mechanism is capable of being so.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra at baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

        "They had engineers in my day, too."  -- Perry Vance Nelson

