I see this as a sliding scale, security vs user experience.


There's the general public website where the owners want as much exposure as possible.  For this type of application you may not want security to the nth degree.  As was just posted, allowing the user to bookmark pages and/or directly type URLs is desirable for the purpose of that application.


On the other hand, there are applications where this is undesirable.  I suspect that applications Tim is writing are even available to the general public at all, and if you are even seeing the page in a browser if you are not supposed to be, you have hacked through several layers of security already.


We write applications somewhat in the middle.  There are parts of our data that we DO NOT WANT to expose to any more risk than we can, very sensitive HIPAA data.  We are taking at least a year to thoroughly test our first application that will allow a very limited access to users to their personal data directly through the internet.


So it all comes down to the analysis that has been mentioned.  You need to decide on the purpose of the application, what are its security needs and build to that level.


My .02, keep the change.
--------------
Ian Skinner
Web Programmer
BloodSource
www.BloodSource.org
Sacramento, CA

"C code. C code run. Run code run. Please!"
     - Cynthia Dunning