Legal notice at login

[jdppm7]

Our organization would like a legal notice at login. I've written a patch to display a text file, if it exists, at login. It's not too awfully pretty but it gets the job done. Works against 1.23.1, I suspect it could be backported to other versions just as easily. If anyone has any enhancements to this, let me know! Enjoy!

Code: Select all

--- zm_html_view_login.php  2008-03-20 09:37:56.000000000 -0500
+++ zm_html_view_login.php      2008-03-20 10:13:58.000000000 -0500
@@ -46,5 +46,23 @@
 <tr><td colspan="2" align="center"><input type="submit" value="<?= $zmSlangLogin ?>" class="form"></td></tr>
 </table>
 </form>
+<?php
+
+$legalNoticeFile = "legal_notice.txt";
+if(file_exists($legalNoticeFile))
+{
+       $fh = fopen($legalNoticeFile, 'r');
+       $Notice = fread($fh, filesize($legalNoticeFile));
+       fclose($fh);
+       ?>
+       <p class="text">
+       <?php
+       str_replace("\n", "<br />", $Notice);
+       echo nl2br(htmlentities($Notice));
+       ?>
+       </p>
+       <?php
+}
+?>
 </body>
 </html>

[qriff]

Just curious...

How would this "policy" reflect at anything regarding service access?
Statements are not binding.

Policy statements are obscure tools for security.

Technically anyone can state that they did not see the policy statement due to ad-blockers, transmission failure, browser incompatibility, etc.

Access should be limited to those who require it, by vpn, firewall, accesslists, accounts and passwords.

[jdppm7]

Evidently it makes attackers easier to prosecute and civil cases have a greater success rate with higher payouts when compromised systems displayed a warning banner to the attacker. It's just essentially a "No Trespassing" sign, it gives our organization a little bit more leverage in the event that a compromise were to go to court. Additionally, we have a regulation to contend with that specifies that systems display login banners.