security advice

goran at krampe.se goran at krampe.se
Thu Nov 10 07:07:53 UTC 2005


Andrew Gaylard <ag at computer.org> wrote:
> Chris Muller wrote:
> 
> > So lately I'm thinking this attempt to eat my cake and have it too is
> > fruitless.  Either the user will have to be somewhat aware of security or there
> > should probably be no security.  I need to choose a more definitive philosophy:
> > 
> >   always on?
> >   default on, allow turning it off?
> >   default off, allow turning it on?
> 
> My preference: "default on, allow turning it off".

I am fine with either of the two last choices - *as long as you can't
miss the fact that it is ON or OFF*. Otherwise you will get:

- People complaining about performance (not realizing it is ON and they
don't need it).
- People suddenly realizing they are unsecure (not realizing it is OFF
and they thought it was ON)

So just pick a default and somehow SHOW that it is ON or OFF. Not sure
what Magma has in the way of showing things - a log somewhere? Or
perhaps a bloody one time confirm popping up or whatever. Or HUGE letters
in the first page in the manual, that works too. :)

Or as I do in HV - I have two methods for starting a web app:

	MyAppView start

or:
	MyAppView startDebug

...that way it is clear. It could be even clearer if it was
#startNoDebug instead of #start :).


regards, Göran


