Page 1 of 6

[BETA] Dead Man's Switch

Posted: Sun Sep 28, 2008 7:38 am
by MartectX
MOD Title: Dead Man's Switch
MOD Description: Allows you to enter email addresses and prepare a message text which will be sent to the recipients if you did not log in for an adjustable amount of time (default 4 weeks).

Message text should include your telephone number, password, FTP and SQL access and whatever your trusted recipients must now to get to know your whereabouts and keep the forum running, should you ever become incapacitated.
MOD Version: 0.1.2
MOD Download: http://mods.martectx.de/dead_mans_switch.zip

From Wikipedia: A dead man's switch, as its name suggests, is a switch that is automatically operated in case the human operator becomes incapacitated.

Re: [DEV] Dead Man's Switch

Posted: Sun Sep 28, 2008 1:27 pm
by IPB_Refugee
First I didn't get the point but after thinking for a while I'd say that this would be a very useful MOD! :!:

As I know two persons I trust, it would be good to be able to send the mail to more than one recipient.

Yes, I'm certainly interested in this MOD - please develop it! And please test the MOD! I don't want to die with the false hope that my board will stay alive but in fact no mail will be sent to my "trusties" because of a bug in this MOD.

I'm willing to play a beta tester for you. :)

Have a nice Sunday
Wolfgang

Re: [DEV] Dead Man's Switch

Posted: Sun Sep 28, 2008 10:25 pm
by MartectX
I'm still not quite sure on how to secure the data. I think the best way would be to point the receiver to a location where all this information is stored and not send them everything right away, as an attack on the database would potentially disclose all of it.

Another idea of mine was to create an unactivated founder account and activate it once dead man's criteria are met - the pure account information wouldn't be useful for attackers as it's not activated yet. But then again maybe I want the trusted person to have FTP information and that has to be stored somewhere, too. :?

I'd imagine a PHP script that holds all information and can be accessed by entering a code. When this code is entered the admin gets an alert so he knows - should he not be incapacitated - that his codes are now known to a third party.

Further ideas on this one?

Re: [DEV] Dead Man's Switch

Posted: Sun Sep 28, 2008 11:40 pm
by tumba25
Encrypt the mail with for example PGP and give the mail-recipients the keys in advance.

Or do not store the info in the database at all. Store it in a file instead.

Re: [DEV] Dead Man's Switch

Posted: Sun Sep 28, 2008 11:43 pm
by MartectX
tumba25 wrote:Or do not store the info in the database at all. Store it in a file instead.
Hmmm... a text file in, say, /store? Sounds reasonable....

Re: [DEV] Dead Man's Switch

Posted: Sun Sep 28, 2008 11:54 pm
by IPB_Refugee
tumba25 wrote:Or do not store the info in the database at all. Store it in a file instead.
That's a good idea. I suggest the possibility to hard code the name of the text file somewhere in a file of your MOD (not in the database) and to protect the file via .htaccess.

Informing the admin when the mail with the account data has been sent is a good idea, too. Maybe it's enough to send the mail as BCC to the admin's mail account.

Regards
Wolfgang

Re: [DEV] Dead Man's Switch

Posted: Sun Sep 28, 2008 11:58 pm
by MartectX
IPB_Refugee wrote:Maybe it's enough to send the mail as BCC to the admin's mail account.
Bang, that's nice - so it shall be done! :D

Re: [DEV] Dead Man's Switch

Posted: Tue Sep 30, 2008 1:31 am
by spaceace
this is something that i would definitely like to see developed :D

just a thought, but if you were to store anything in a file, would it be possible to package the file in a .zip or .rar format that is also password protected? and share the password with 1 or more trusted people to make hacking even more difficult.

Re: [DEV] Dead Man's Switch

Posted: Tue Sep 30, 2008 2:26 am
by IPB_Refugee
@spaceace: A customizable name of the file (e.g. im_deAD*nOw1265++3.php) and to protect the file via .htaccess should be enough in my opinion. Do you disagree?

Code: Select all

<Files "im_deAD*nOw1265++3.php">
Order Allow,Deny
Deny from All
</Files>
Regards
Wolfgang

Re: [DEV] Dead Man's Switch

Posted: Tue Sep 30, 2008 3:50 am
by spaceace
IPB_Refugee wrote:@spaceace: A customizable name of the file (e.g. im_deAD*nOw1265++3.php) and to protect the file via .htaccess should be enough in my opinion. Do you disagree?

Code: Select all

<Files "im_deAD*nOw1265++3.php">
Order Allow,Deny
Deny from All
</Files>
Regards
Wolfgang
nope, don't disagree at all :D

like i said, just a thought ;)

Re: [DEV] Dead Man's Switch

Posted: Tue Sep 30, 2008 7:49 am
by MartectX
spaceace wrote:just a thought, but if you were to store anything in a file, would it be possible to package the file in a .zip or .rar format that is also password protected? and share the password with 1 or more trusted people to make hacking even more difficult.
Well, where would you securely save the .zip file's password then?

Re: [DEV] Dead Man's Switch

Posted: Tue Sep 30, 2008 1:44 pm
by spaceace
MartectX wrote:Well, where would you securely save the .zip file's password then?
with the trusted e-mail recipients. give it to them before anything ever happens. when the dead man switch is tripped, the people getting the e-mail will also receive the zip file with all the info. but i'm just thinking out loud here :lol:

Re: [DEV] Dead Man's Switch

Posted: Tue Sep 30, 2008 3:36 pm
by MartectX
spaceace wrote:
MartectX wrote:Well, where would you securely save the .zip file's password then?
with the trusted e-mail recipients. give it to them before anything ever happens. when the dead man switch is tripped, the people getting the e-mail will also receive the zip file with all the info. but i'm just thinking out loud here :lol:
Not bad actually. Only problem I see is that after about two months no one will remember where he stored your password. So this method would be more insecure from a "functionality" point of view.

Re: [DEV] Dead Man's Switch

Posted: Tue Sep 30, 2008 5:44 pm
by spaceace
no problem. like i said, just thinking out loud :lol:

Re: [ALPHA] Dead Man's Switch

Posted: Thu Oct 02, 2008 5:02 pm
by MartectX
ALPHA 1 is out. It currently does not have the ability to be configured via ACP, you'll have to edit deadman.php yourself.