[Design] [Cosmo] [Proposal] Anonymous login with Ticket + Password
Matthew Eernisse
mde at osafoundation.org
Mon Aug 21 20:37:39 PDT 2006
That's a good point -- the security issue will never go away entirely.
Some people prefer convenience over security, and wide-open access might
actually be totally appropriate for some people.
What I was trying to say is that if we at least offer a password feature
that's easy and obvious (e.g., "Click here to add a password" or some
such) then the responsibility for security problems lies clearly with
the users who choose not to use passwords.
If instead all we offer is no password at all, or something
approximating password-protection that uses a non-obvious workaround,
then we would end up owning part of the responsibility for users not
protecting their shared calendars -- because we didn't give people an
obvious, straightforward way to do it.
I hope that makes sense.
Brian Moseley wrote:
> i don't dispute that, but we already have this single-click feature
> that you are pointing out as a security hole, and mimi's proposal
> makes the collection password optional, so we're never going to make
> the security issue go away entirely. some people are just going to
> reject security in favor of convenience. i don't have any problem with
> that as long as we also provide (eventually) for people who want
> better security (eg acl).
More information about the Design
mailing list