Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Time bomb needed in ASP.NET application

Tags:

.net

security

asp.net

time-bomb

We've developed a bespoke ASP.NET application for use on our customer's intranet. It appears they're unlikely to pay for it, so our boss would like us to introduce a time bomb.

[Edit:] Technical responses only please! Whether this is a good (or legal) idea is a question for CEOoverflow.com ;-)

All pages in the application inherit from a class called ApplicationBasePage and have consistent error handling, so I'm thinking that throwing an exception early in the lifecycle of ApplicationBasePage will be an easy way to make the application unusable. I'm open to other ideas you may have though.

My question is: how and where should we store the date on which the application will expire?

Some points to note:

  • The application is installed on a single server in the customer's offices.
  • Application data is held in a SQL Server 2005 database held on the same server. The database was designed by us and is not used for anything else.
  • The application is only accessible on their intranet: there is no access to the application over the Internet.
  • We currently have remote desktop access to their server, but would expect to lose that if things turn nasty.
  • The application is written in .NET 2.0.
  • Security is handled by FormsAuthentication.
  • We need to be able to turn the timebomb off or change the its trigger date easily (assume we still have remote desktop access to do this).
  • The server can normally access the Internet, but it would be best not to rely on this.
  • The timebomb will only lock users out: it won't destroy any data.
  • Unless it triggers, the customer must never be aware of the time bomb's existence.
  • Their IT guy will happily go poking around in the web.config or in the database. He's not a programmer but he's not afraid to change things "just to see what happens". Decompiling or reverse engineering the application would be beyond his capabilities.

For extra credit, how much do you think it's OK to rely on security through obscurity in this case?

[Edit:]

  • The application does a lot of business-critical date-dependent stuff, so we can be sure they won't change the clock on their server as this would make the application worse than useless.
like image 657
teedyay Avatar asked Feb 19 '09 06:02

teedyay

People also ask

What is timer in ASP NET?

Introduction to Timer in ASP.NET ASP.NET provides a very important functionality called Timer. It is basically used to provide a specific interval of time in any application. Timer in ASP.NET control helps us in taking an action or performing a specific action after a certain time span in an application.

How can I improve the performance of my ASP web application?

ASP.NET Core apps with complex front-ends frequently serve many JavaScript, CSS, or image files. Performance of initial load requests can be improved by: Bundling, which combines multiple files into one. Minifying, which reduces the size of files by removing whitespace and comments.

How do I block asynchronous execution in ASP NET Core?

Block asynchronous execution by calling Task.Wait or Task.Result. Acquire locks in common code paths. ASP.NET Core apps are most performant when architected to run code in parallel.

1 Answers

"They're looking unlikely to pay for it, so our boss would like us to introduce a time bomb."

You're being asked by an incompetent businessman to implement a technical solution to a business problem. If your client is not going to pay, your Boss should be dealing with the situation like an Adult and not screwing around with logic bombs like a highschool hacker.

It's unethical, probably illegal, but mostly it's just stupid.

like image 98
nailitdown Avatar answered Oct 16 '22 03:10

nailitdown
Sign in to Comment

Related questions

Regular expression to validate valid time
How to check if a particular character exists within a character array
Regex get last occurrence of the pattern
How to write code in Visual Studio faster? [closed]
How can I see my applications threads while debugging in Visual Studio?
Copy specific columns from one DataTable to another
In C# .NET 2.0, what's an easy way to do a foreach in reverse?
Why do we use .NET properties instead of plain old get/set functions?
How to create an XML document from a .NET object?
Ignore case and compare in C# [duplicate]
Is it possible to extend arrays in C#?
Allow only alphanumeric in textbox
How to get value after decimal point from a double value in C#?
How does the process of hashing work in Dictionary<TKey, TValue>
Graphics.DrawString vs TextRenderer.DrawText?Which can Deliver Better Quality
Get index of nth occurrence of char in a string
C#: Removing common invalid characters from a string: improve this algorithm
Why we need Properties in C#
What are the advantages of c# over, say, delphi/realbasic for windows applications [closed]
MySql Last Insert ID, Connector .net

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!