Ethics 101

**wossname** · Apr 7th, 2004, 02:47 AM

Would you regard it as OK to build a back door into your own programs?

Say its a prog that requires users to have passwords and that holds personnel records. Assuming the developer's intentions are good and they would not use the back door for the powers of evil, is it acceptable practice? Such a back door would only be used in emergencies where everyone has lost their passwords or the system is collapsing, it may for example dump the entire DB contents to an unencrypted file. Is this even legal?

What do you think?

**Nightwalker83** · Apr 7th, 2004, 02:55 AM

Originally posted by wossname
Would you regard it as OK to build a back door into your own programs?

Say its a prog that requires users to have passwords and that holds personnel records. Assuming the developer's intentions are good and they would not use the back door for the powers of evil, is it acceptable practice? Such a back door would only be used in emergencies where everyone has lost their passwords or the system is collapsing, it may for example dump the entire DB contents to an unencrypted file. Is this even legal?

What do you think?

Yes because if the user stuffs things up the programmer needs another way get into the program to fix the error.

**DeadEyes** · Apr 7th, 2004, 03:02 AM

What happens if you don't tell someone in the company about this backdoor and they find it? Your reputation will be ruined.

**si_the_geek** · Apr 7th, 2004, 04:11 AM

Originally posted by wossname
Would you regard it as OK to build a back door into your own programs?

No. Unless you have sold the rights to the clients/users, you should have the source code, and administrator access to the database(s). If you have sold the full rights to the software then the user/client will ask for your help if they want/need it.

There should be no need for any underhand methods of accessing the data.

Say its a prog that requires users to have passwords and that holds personnel records. ... it may for example dump the entire DB contents to an unencrypted file. Is this even legal?

I'm not sure. It would depend on the data I guess, but personnel data is one of the more sensitive issues, and this may well break Data Protection laws in some countries.

**wossname** · Apr 7th, 2004, 05:16 AM

OK, to revise the situation...

I write the DB app and notify the users / owners that there is a contingency measure built in to cover emergencies, but I don't tell them how to use it (for security, or maybe just one person). It would be written in such a way that it would be tough to crack from the binaries alone.

**si_the_geek** · Apr 7th, 2004, 05:21 AM

Why is there any potential need for a back door?

Surely everything you could do with it can be done with the DBMS or the source code.

I just see it as causing yourself extra problems - obviously security issues, and the increased risk of bugs (as it will rarely, if ever, be used).

**wossname** · Apr 7th, 2004, 05:27 AM

This was really a hypothetical question. Anyway I like the idea of writing a backdoor

just curious as to the implications.

**Nightwalker83** · Apr 7th, 2004, 05:29 AM

Originally posted by DeadEyes
What happens if you don't tell someone in the company about this backdoor and they find it? Your reputation will be ruined.

Of course you would need to tell your co-workers about the back door first.

**yrwyddfa** · Apr 7th, 2004, 06:58 AM

Would you regard it as OK to build a back door into your own programs?

I call it remote support

Thread: Ethics 101

Thread Tools

Display

Ethics 101

Re: Ethics 101

Re: Ethics 101

Posting Permissions