--qlTNgmc+xy1dBmNv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 02, 2001 at 11:28:00AM -0700, Kurt Granroth wrote: > On Wednesday 01 August 2001 07:07 pm, George Staikos wrote: > > To clarify this, I don't mean we are liably in a contractual sense and > > it looks like I wrote. I mean that we are STUPID for knowingly shipping > > functionally broken code and that users should never have used such bro= ken > > code to begin with. The user expects that the lock icon does exactly w= hat > > I outlined, and if it doesn't, then our code has a bug. >=20 > Somebody earlier said that "security is not optional". Bullshit. There= =20 > always has been and always will be a tradeoff between convenience and=20 > security... the trick is finding the right balance between the two. =20 > Unfortunately, finding the balance is tricky because there are such diver= gent=20 > opinions on how to handle this. You can tell that's the case when the=20 > mythical User steps in. As in, "The User wants this" or "The User wants= =20 > that". >=20 > The fact remains is that all sides to the arguement are right.=20 Back to earth; why is this a Problem? Because credit card numbers can be remembered? What about a month/year combo box which is _needed_ for a correct order? Hmm, and what about cookies for a certain one-click order website? > Enable Form Completions > ( ) Always > ( ) Only on unencrypted pages I think the following is good for shipping (the default being 'x') Enable Form Completions ( ) Always (x) Only on unencrypted pages --=20 Thomas Zander zander@earthling.n= et The only thing worse than failure is the fear of trying something new --qlTNgmc+xy1dBmNv Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7aZ7FCojCW6H2z/QRAulWAKDDWCgUxi1QLzFHYy8Z4Rng+mYlHwCeM8G1 gsx/FoV1RrUJNw7S7Fi51Qc= =4m+Q -----END PGP SIGNATURE----- --qlTNgmc+xy1dBmNv--