Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

We are not mainly talking about the same thing, but on the specific subjet you evocate I actually kind of agree with you, and that was in a way what i meant by stating that security must come with usability. However, I'm not sure about how you can come to your "worse than nothing" conclusion, from a security point of view. Sure if the model let the user authorize nearly anything, they have the power to do it. Sure, if this englob both bening and potentially dangerous modifications, the user can be desensitived. BUT if it still technically achieve its designed purpose, then it is better than nothing in the sense that by nothing, I meant that it would be equivalent as if "yes" was implied all the time. And I find it hard to make the case that mandatory yes all the time and complete lack of access control is better than giving the choice...


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: