Hi,
I've been developing my first php sites as a freelancer and have a slight payment problem. I would like to give the client the site, as more work is promised, but I'm not over convinced he's going to pay!
I want to build a back door that will allow me to delete the database tables. Probably not ethical, but neither is not paying!
Only the admin area has a log in (htaccess) which can clearly be changed denying me access.
Can anyone please suggest the best method. Something that would not be noticable looking at the code (although they are not programmers), not make the site vunerable to attack from others until the point comes when I can remove it (when they have paid)
But grateful for suggestions[/quote]
back doors for non payers
Moderators: egami, macek, gesf
-
- New php-forum User
- Posts: 19
- Joined: Sun Aug 18, 2002 4:02 am
- Location: Germany
There's no such thing as a stupid question - but I try!!
-
- New php-forum User
- Posts: 191
- Joined: Wed Jan 29, 2003 7:11 am
- Location: UK
- Contact:
personally I'd advise against removing db data unless you actually added the data yourself. even though you wrote the scripting behind the app, if they entered the data and you destroy that, the ball will be in their court when you get to court.
just knockout one of the main files (one that you wrote and own until paid for) if possible.
$killswitch = (time() > 12341323) ? rename('db_access.php','db_axess.php') : '';
// untested, should work tho. just renames the file whenever the page is called if a certain date has passed.
where 12341323 is the unix timestamp of the 'payment by...' date.
might want to call it something other than $here_be_the_kill_switch and just subtely rename an important file which you have script permissions for.
just knockout one of the main files (one that you wrote and own until paid for) if possible.
$killswitch = (time() > 12341323) ? rename('db_access.php','db_axess.php') : '';
// untested, should work tho. just renames the file whenever the page is called if a certain date has passed.
where 12341323 is the unix timestamp of the 'payment by...' date.
might want to call it something other than $here_be_the_kill_switch and just subtely rename an important file which you have script permissions for.
avatar image based upon nasas apod (only updates if I post though)
-
- New php-forum User
- Posts: 19
- Joined: Sun Aug 18, 2002 4:02 am
- Location: Germany
Many thanks for your suggestion and warning.
There's no such thing as a stupid question - but I try!!
-
- New php-forum User
- Posts: 19
- Joined: Sun Aug 18, 2002 4:02 am
- Location: Germany
Again thanks for the idea.
In Germany credit cards are not the norm - hence you can still buy things on the internet and be billed after delivery!
Putting these sorts of barriers between me and the client would probably result in me not having the client.
I come from UK where the idea of these payment systems would be easilly accepted, but here unfortunately not.
In Germany credit cards are not the norm - hence you can still buy things on the internet and be billed after delivery!
Putting these sorts of barriers between me and the client would probably result in me not having the client.
I come from UK where the idea of these payment systems would be easilly accepted, but here unfortunately not.
There's no such thing as a stupid question - but I try!!
what I would do is develop the site on one of your servers and only upload finished product to his server once he has paid.