back doors for non payers

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

ChrisSkidmore
New php-forum User
New php-forum User
Posts: 19
Joined: Sun Aug 18, 2002 4:02 am
Location: Germany

back doors for non payers

Postby ChrisSkidmore » Thu Mar 06, 2003 1:06 am

Hi,

I've been developing my first php sites as a freelancer and have a slight payment problem. I would like to give the client the site, as more work is promised, but I'm not over convinced he's going to pay!
I want to build a back door that will allow me to delete the database tables. Probably not ethical, but neither is not paying!

Only the admin area has a log in (htaccess) which can clearly be changed denying me access.

Can anyone please suggest the best method. Something that would not be noticable looking at the code (although they are not programmers), not make the site vunerable to attack from others until the point comes when I can remove it (when they have paid)

But grateful for suggestions[/quote]

User avatar
pootergeist
New php-forum User
New php-forum User
Posts: 191
Joined: Wed Jan 29, 2003 7:11 am
Location: UK
Contact:

Postby pootergeist » Thu Mar 06, 2003 2:55 am

personally I'd advise against removing db data unless you actually added the data yourself. even though you wrote the scripting behind the app, if they entered the data and you destroy that, the ball will be in their court when you get to court.

just knockout one of the main files (one that you wrote and own until paid for) if possible.

$killswitch = (time() > 12341323) ? rename('db_access.php','db_axess.php') : '';
// untested, should work tho. just renames the file whenever the page is called if a certain date has passed.

where 12341323 is the unix timestamp of the 'payment by...' date.

might want to call it something other than $here_be_the_kill_switch and just subtely rename an important file which you have script permissions for.

ChrisSkidmore
New php-forum User
New php-forum User
Posts: 19
Joined: Sun Aug 18, 2002 4:02 am
Location: Germany

Postby ChrisSkidmore » Thu Mar 06, 2003 6:51 am

Many thanks for your suggestion and warning.

azteck
New php-forum User
New php-forum User
Posts: 12
Joined: Sun Dec 15, 2002 3:54 pm

Postby azteck » Thu Mar 06, 2003 12:10 pm

I suggest you use an escrow payment system .So you can see if the webmaster paid you or not.If you put the script on his server an he knows a little php than a look over the code will ruin your efforts :(

ChrisSkidmore
New php-forum User
New php-forum User
Posts: 19
Joined: Sun Aug 18, 2002 4:02 am
Location: Germany

Postby ChrisSkidmore » Thu Mar 06, 2003 2:11 pm

Again thanks for the idea.
In Germany credit cards are not the norm - hence you can still buy things on the internet and be billed after delivery!
Putting these sorts of barriers between me and the client would probably result in me not having the client.
I come from UK where the idea of these payment systems would be easilly accepted, but here unfortunately not.

User avatar
Redcircle
Moderator
Moderator
Posts: 830
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA
Contact:

Postby Redcircle » Sat Mar 08, 2003 10:35 am

what I would do is develop the site on one of your servers and only upload finished product to his server once he has paid.

Unknown
New php-forum User
New php-forum User
Posts: 9
Joined: Mon Jan 13, 2003 10:33 am

Postby Unknown » Sat Mar 08, 2003 12:24 pm

Redcircle wrote:what I would do is develop the site on one of your servers and only upload finished product to his server once he has paid.


agreed then you have total control to kill it or let it live 8)


Return to “PHP coding => General”

Who is online

Users browsing this forum: No registered users and 2 guests