Yesterday, Chris Miller (of Washington Publishing Company) told us:
>
> www.ehnac.org requires that your browser be configured to allow
> per-session cookies. This is the default condition for most browsers.
I would suggest that this is not a satisfactory solution for either
EHNAC, DHHS or the users involved.
For a start, it is widely known that cookies provide a mechanism for carrying
out various forms or grades of industrial espionage, monitoring site visits
and activities performed at individual sites or in some cases, across site
boundaries. For this reason, many security-conscious sites (including a
substantial number of government sites) have a mandatory 'no cookie' site
security policy that cannot be varied by individual users. Any web-site
which only uses cookies therefore immediately disenfranchises a substantial
proportion of its potential users who in some cases may not be able to
use the site at all, or are simply prevented from performing some activities
at that site, depending on how much use is made of the cookie mechanism.
A growing number of commercial web-sites have re-written their on-line
presence not to use cookies precisely for this reason. Web-users tend to
be fickle, and will very quickly abandon trying to use a site if it appears
to be fighting them or making life more difficult. This surely applies
just as much to non-commercial operations such as EHNAC, who surely want
as wide a dissemination of the HIPAA regulations and compliance checking
as possible, given that they derive income from the use of their compliance
checking service.
Secondly, the EHNAC site did not warn users that cookies were required or
make any attempt at graceful degradation - it simply produced an unhelpful
and context-free Microsoft error message that could well mean there was
simply a programming error in the ASP script. Such behaviour would normally
be taken to indicate that the web-designer had dropped the ball and hadn't
tested his code properly. Either a warning on the front-page that cookies
are required, or a message box explaining that cookies are required when
a particular function fails because cookies are disabled would help a lot.
There are a number of commercial sites that have precisely that helper
mechanism in operation: either when you first touch the site, or when you
attempt to activate a facility that the web-server prefers to service via
a cookie device, a display box comes up and not only tells you that the
cookie device must be enabled in your browser, but also tells you how to do
that on the four most popular browsers (Netscape, Opera, Star Office and IE).
Another alternative that most developers would in any case prefer is to
make the files available for download by anonymous FTP.
> The files are made available dynamically, as submitted from STFCS
> subscribers who have indicated a willingness to share the transaction
> sets they successfully passed.
I appreciate their willingness to share in this way - this is the way the
development community works together to further the common good. Open Source
software is growing in popularity and accounts for the reason why over 70%
of the web-servers on the 'Net run Apache and Microsoft NT is steadily losing
market share to Linux as the web and network server of choice.
A little more attention to user-friendliness and thought that the whole world
can't or won't run their browsers in promiscuous mode would enable a wider
audience to benefit from the subscribers' largesse.
Jonathan
------------------------------------------------------------------------------
Jonathan Allen | [EMAIL PROTECTED] | Voice: 01404-823670
Barum Computer Consultants | | Fax: 01404-823671
------------------------------------------------------------------------------
=======================================================================
To contact the list owner: mailto:[EMAIL PROTECTED]
Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/