>On Monday May 23 2005 19:04, Michael Giagnocavo spake:
>>
>> Even better is leaving a "secret" backdoor, that they AGREE to. Sure, if
>> they hire good enough people they can disable it. But at least it gives you
>> some level of security.
>>
>
>This is a BAD IDEA. We're quick to complain about security holes in others'
>software, aren't we? A secret back door won't remain secret for long.

Um, I think you misunderstand. Not a commercial, shipping, "Trojan"-like backdoor. I'm referring to having a deactivation, a killswitch, even as simple as a time bomb.

I said "secret" (notice the quotes) because you tell the client it's there. I.e. "Client, the software has a time bomb and will deactivate in 15 days if xxx is not received". Or "I have placed code in that allows me to turn it off over the Internet for the beta code. As soon as payment is received for the full production system, this will be removed."

Another option is simply making it a licensing system, and leaving pieces of the system encrypted relying on a key. I've done that with a client I no longer trusted (on very good grounds). I gave them the full source and program on a CD with encryption. I wrote the key down on paper, and after the check cashed, I gave them the key.

Every circumstance is different (obviously you don't ship retail boxed software this way!). So "secret" and "backdoor" are just terms for a wide range of things, and are not necessarily security holes. However, I've found them to be rather effective in ensuring a client doesn't get too "uppity" ;).

-Michael

_______________________________________________
Asterisk-Biz mailing list
Asterisk-Biz@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-biz