[cap-talk] getting authorization from the user and the great insight
James A. Donald
jamesd at echeque.com
Sat Oct 6 17:53:24 EDT 2007
Karp, Alan H wrote:
>> Actually, typing in the window containing the text
>> could be a good way to denote that you want to grant
>> write authority to a file previously opened read
>> only.
David Hopwood wrote:
> Yuck, no. It's far too easy to press a key
> accidentally when focus is on the window. Better to
> have an "Edit this file" entry in the context menu (the
> one obtained by clicking the window icon on the left
> of the title bar).
>
> There are several other functions that need to be
> intermediated by the trusted window system, such as
> the cut/copy/paste menu entries, and the "Recent
> files" list. If they are moved to the context menu,
> then no user confirmation is needed. If they are in a
> menu controlled by the app, then I can't see any
> secure way to avoid a redundant confirmation.
Redundant confirmations are never acceptable. The user
will not stand for it, and if it is forced upon the
user, the user will be trained in dangerously bad
habits.

It is better to have a gaping security hole than
redundant confirmations, for if one has redundant
confirmations, one will end with a gaping security hole
due to users trained in bad habits AND pissed off end
users.