On Monday 18 August 2003 10:18 pm, Roland Seuhs wrote:
> There have also been cases of writing root-passwords on post-it notes and
> putting them on a screen in a busy office.
>
> Yet I don't see you wanting to ban post-it notes.

Actually, post it note with password on screen is a disciplinary in a lot of places for that very reason...

> If a webmaster doesn't care about security (and storing username/passwords
> in cookies falls into that category) that can't be used as an argument to
> diss cookies as a technology.

If a webmaster is relying on cookies (a pretty poor technology which relies on the permission of the user to store data on a best effort basis) in order for their site to work, then I shall thoroughly diss the webmaster.

> I recently was looking over the shoulder of a medium-computer literate user
> and he still clicked away the warning every time he filled out a form. For
> at least 4 years now. I couldn't believe it.

Well, if he was clicking away a dialogue which had a "don't show this next time" check box for 4 years either he was quite dim, it didn't bother him OR (ye gods, it might be true) he wanted to know whenever his browser was submitting information.

> The same goes for the file-upload warning which currently can't even be
> turned off.

Do you really believe that pop-up is there for when the user deliberately uploads a file? It is there for when a malicious page attempts to upload a file without the user's knowledge. After all, I don't think it's so difficult to do. Put the name of a file in a pre-filled form, and use javascript to submit it onLoad()... Uploading a file is not a regular activity on the web, it is a pull based medium. As such it is perfectly acceptable to have warnings assigned to unusual activities...

> Everything that can be stored in a cookie can also be stored on the
> webserver.

This is true, BUT you cannot be uniquely identified on your return by items stored on the webserver. This is the problem, profiles uniquely identified and built up over the course of months across many different sites, not just a single session on a single site.

> But OK, let's keep cookies the way they are but at least let's get rid of

Good.

> - The dialog that appears when a user uploads a file

No no no. See above.

> I wouldn't be complaining if there were mass-infections or viruses related
> to cookies.

But we are complaining because there are mass breaches of privacy. We already know you do not give a damn about this, but you appear to be the only one.

> My point, exactly.

The suggestion of disabling any reasonable functionality was brief and quickly put down. Aside from that the things you appear to be referring to as "lock down" are merely warnings about unusual behaviour.

:/

MP