[thelist] Is this a list?
Ken Schaefer
Ken at adOpenStatic.com
Mon Oct 3 12:36:48 CDT 2005
> -----Original Message-----
> From: thelist-bounces at lists.evolt.org [mailto:thelist-
> bounces at lists.evolt.org] On Behalf Of Shawn K. Quinn
> Subject: RE: [thelist] Is this a list?
>
> > Please explain how my choice not to incorporate accessibility into the
> > code is 'grossly negligent.'
>
> I won't, because if you actually read what I wrote, you'd understand
> that's not what I said.
You said that failing to force authentication on non-world-public data is
"grossly negligent".
But that just displays a fundamental lack of understanding of what security
is. Authentication (and subsequent authorization) is there so that you know
exactly who is accessing your site. That's completely different to giving a
subset of public users access to a resource. Because you may not wish to know
who's accessing your website. You want to know that certain people can, but
you do not care if others do as well. And your failure to distinguish between
the entire set, and this subset is where your argument falls down.
Cheers
Ken
More information about the thelist
mailing list