Former employee user account security question

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

dhinged
Forum Newbie
Posts: 1
Joined: Thu Dec 15, 2011 12:53 pm


Post by dhinged »

I have a dispute here at work on how to handle former employees' user accounts. The former employees had access to the entire site, including admin. My co-worker thinks it is adequate to simply change the user type to normal 'user', so that they only lose access to admin. They can still make purchases (even with a stored corporate card) even though they don't have access to their company email. I want to fully disable the account (set it inactive), which prevents them from even logging in.

So even though this isn't really a PHP question (we use PHP in the app so it might apply), what is the better way to go?
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Re: Former employee user account security question

Post by Weirdan »

Changing account type seems fair to me.
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Former employee user account security question

Post by social_experiment »

Yes, it's a good idea to suspend the account; you don't mention the circumstance under which the ex-employee left, so there might be some resentment from their side, and if they still have access to the account, what's to stop them from distributing their login information to other (and potentially more malicious) users?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering