Quote:
Originally Posted by TMM_John
I'm not quite sure what you're asking here. Could you elaborate?
.
|
i think what he was asking is why you would code in the ability for remote users ( yourself ) to retrieve account data from your clients. I realize you have since closed this once it was known publicly , but why would you have coded in a backdoor to retrieve this data anyways ? Would there be any honest reason to retrieve your clients customer data ? Wouldn't it basically be illegal to actually do so ? If tmm logged in using its backdoor password and let's say downloaded a customers email list of its clients, this would be illegal , so by coding this in with no safeguard , seems like the only one besides yourself that would be able retrieve this would be some "rogue" hacker.
Out of curiosity How long after you were notified someone was using your backdoor , with your admin username password to steal your customers data did you inform your other clients of this breach ?
Wouldn't it be a little "sneaky" to say " all data is on customers servers" when you really know you have the "secret" ability to download and store customers client data on your servers ?