Re: Passwords in the clear update

noah_mendelsohn@us.ibm.com wrote:
> I think I agree with Dave Orchard here.  MUST NOT is pretty strong.  Let's 
> say I put up a Web site for my family, an  example I've used before.  I 
> want some barriers to casual access by others, but I really don't care 
> that much whether anyone breaks in to see the photos of my kids' birthday 
> party. 

In fact, many parents care a *great* deal that random strangers not be 
allowed to see photos of their kids. They are shocked and appalled when 
they discover that happening. I think we would be doing them a real 
disservice if we indicate that it's OK to post family information with 
passwords in the clear.

If you really don't care about casual access by others, you only send 
the URL to friends and you don't link to or publish it. Maybe you set up 
robots.txt to indicate noindex. But that is not the use case for 
password protection.

I think we need to recognize that anyone who establishes usernames and 
passwords for a page has a reasonable desire to only allow authorized 
users to enter. How much they care when unauthorized users break in is 
irrelevant. The vast majority of sites care a great deal about this, 
though some more than others. The point of a password is to prevent 
unauthorized access, and a use case that starts with the assumption that 
unauthorized access is unimportant contradicts the whole reason for 
having a password in the first place. What's really being argued here is 
that sometimes people put passwords on pages that don't really need 
them. True enough, but this is not something we need to consider in the 
finding. Do we really want to say, "Send passwords in the clear only 
when you don't need passwords at all?"

-- 
Elliotte Rusty Harold  elharo@metalab.unc.edu
Refactoring HTML Just Published!
http://www.amazon.com/exec/obidos/ISBN=0321503635/ref=nosim/cafeaulaitA

Received on Saturday, 11 October 2008 14:16:38 UTC