> As a result, really secure systems tend to require lots of user training
> and are a hassle to use because they require permission all the time.

No I disagree still. Consider a smart card. Far easier to use then the
silly bank logins that are available these days. Far easier then even
bothering to check if the address bar is yellow, due to FF, or some
other useless addon.

You just plug it in, and away you go, pretty much.

And requiring user permission does not make a system harder to use
(per se). It can be implemented well, and implemented badly.

> Imagine if every door in your house was spring loaded and closed itself
> after you went through. And locked itself. And you had to use a key to
> open it each time. And each door had a different key. That would be
> really secure, but it would also not be very convenient.

We're talking computers here. Technology lets you automate things.

> Crispin

-- mic
Secure Coding mailing list (SC-L)
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Reply via email to