[Design] [Cosmo] [Proposal] Anonymous login with Ticket + Password
Brian Moseley
bcm at osafoundation.org
Mon Aug 21 16:46:33 PDT 2006
On 8/21/06, Matthew Eernisse <mde at osafoundation.org> wrote:
> I'm simply saying that single-click easy access to a calendar (including
> full write privileges), without also providing users a straightforward
> way to lock it down, is a huge, obvious security hole. And when bad
> things happen to users' shared calendars, it will give us a black eye.
>
> I understand that it adds a lot of extra complexity to the security
> model. It just seems like the ability to password-protect stuff (i.e.,
> provide an obvious way to use something distinctly different from the
> URL) is a pretty fundamental facility to expect for anything Web-based.
i don't dispute that, but we already have this single-click feature
that you are pointing out as a security hole, and mimi's proposal
makes the collection password optional, so we're never going to make
the security issue go away entirely. some people are just going to
reject security in favor of convenience. i don't have any problem with
that as long as we also provide (eventually) for people who want
better security (eg acl).
More information about the Design
mailing list