On 20/04/14 15:14, Jim Cheetham wrote:
If you think that you need to support browser versions that are
unsupported by their own authors then I'd consider offering graduated
services - if you connect with weak ciphers, use OTP instead of just a
password, for example.
Hi Jim,
I think in a lot of cases commercial reality wins over any sort of
sensible security graduation/degrading like that. In the online
shopping world where requiring a password before checkout vs after can
make a 50% difference in conversion having any sort of security
'impediment' might be financial suicide. (Depending on vertical,
engagement and quality of funnel/pre-sell)
I had a real education in the reality of supporting the 'general public'
a while ago. When I started a new role where over 40% of the company
income was from browsers unsupported by their authors as you put it.
One of the most common questions from customers was 'how do I buy your
product on your website' before we changed the text on the button from
'Add to Cart' to 'Buy now' for some countries. Nuts.
It'd be nice to be able to tell customers to upgrade their stuff before
they buy anything but the reality is that some f people still think they
run a program called 'the internet' to get onto facebook and to check
out ebay/trademe. :-)
Cheers, Chris H.
_______________________________________________
Linux-users mailing list
[email protected]
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
