 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
46 messages in com.omnigroup.macosx-devRe: Apple site| From | Sent On | Attachments |
|---|---|---|
| Rich Morin | Dec 19, 2002 1:58 pm | |
| Eric Peyton | Dec 19, 2002 2:26 pm | |
| Nick Zitzmann | Dec 19, 2002 3:00 pm | |
| Rich Morin | Dec 19, 2002 4:46 pm | |
| Ryan Dingman | Dec 19, 2002 6:32 pm | |
| Michael Grant | Dec 20, 2002 7:21 am | |
| Jeremy Erwin | Dec 20, 2002 7:43 am | |
| Michael Grant | Dec 20, 2002 8:15 am | |
| Dennis De Mars | Dec 20, 2002 8:16 am | |
| Terrance Davis | Dec 20, 2002 8:26 am | |
| Clark S. Cox III | Dec 20, 2002 8:27 am | |
| Michael Grant | Dec 20, 2002 10:24 am | |
| Clark S. Cox III | Dec 20, 2002 10:31 am | |
| Philip George | Dec 20, 2002 12:21 pm | |
| Patrick Coskren | Dec 20, 2002 12:34 pm | |
| Clark S. Cox III | Dec 20, 2002 12:39 pm | |
| Patrick Coskren | Dec 20, 2002 12:50 pm | |
| Nick Zitzmann | Dec 20, 2002 1:01 pm | |
| Philip George | Dec 20, 2002 1:05 pm | |
| Finlay Dobbie | Dec 20, 2002 1:15 pm | |
| Philip Mötteli | Dec 20, 2002 1:19 pm | |
| Avi Cherry | Dec 20, 2002 1:21 pm | |
| Philip George | Dec 20, 2002 2:05 pm | |
| Gregory Weston | Dec 20, 2002 3:21 pm | |
| Philip George | Dec 20, 2002 4:22 pm | |
| Finlay Dobbie | Dec 20, 2002 4:31 pm | |
| Ryan Stevens | Dec 20, 2002 5:35 pm | |
| Jonathan Hendry | Dec 20, 2002 9:16 pm | |
| Philip George | Dec 20, 2002 9:42 pm | |
| j o a r | Dec 21, 2002 1:26 am | |
| John C. Randolph | Dec 23, 2002 4:30 pm | |
| Philip George | Dec 23, 2002 7:41 pm | |
| Ben Hines | Dec 23, 2002 8:53 pm | |
| Scott Ribe | Dec 24, 2002 1:08 pm | |
| Gregory Weston | Dec 24, 2002 1:26 pm | |
| Ben Hines | Dec 24, 2002 6:41 pm | |
| Ben Hines | Dec 24, 2002 6:55 pm | |
| Greg Hulands | Dec 24, 2002 7:14 pm | |
| Philip George | Dec 24, 2002 11:16 pm | |
| Philip George | Dec 25, 2002 8:47 am | |
| Jonathan Hendry | Dec 25, 2002 9:05 am | |
| Finlay Dobbie | Dec 25, 2002 9:15 am | |
| Andrew Zamler-Carhart | Dec 25, 2002 12:05 pm | |
| Philip George | Dec 25, 2002 6:02 pm | |
| Michael Grant | Dec 26, 2002 12:22 pm | |
| Finlay Dobbie | Dec 26, 2002 1:07 pm |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: Apple site | Actions... |
|---|---|---|
| From: | Philip George (pg...@powerplum.com) | |
| Date: | Dec 20, 2002 4:22:10 pm | |
| List: | com.omnigroup.macosx-dev | |
It is not a security policy that we all agree with obviously; otherwise we wouldn't all be discussing this. Inherently, there is always a careful balance between security and usability. ADC's policy is just a little too far away from the usability side for some of us.
- Philip
PS: I'm taking the "Stupid" out of the title in the hopes of changing the mood of this thread. I love the ADC site. I don't think it's "Stupid." Nor do I think it's security policy is "Stupid." I just think this it's not the kind of thing that serves us all as well as it could.
On Friday, December 20, 2002, at 05:18 PM, Gregory Weston wrote:
On 12/20/02 at 2:16 PM, Philip George <pg...@powerplum.com> wrote:
The point is that the Apple Developer site shouldn't force us all into this one way of doing things.
That's called "security." You set a policy and enforce it. If convenience is at all a factor in imposing a security policy, it's as a counter-recommendation.
In other posts....
Terrance Davis commented that "[f]ew things are more insecure than a written down password." That's not really true, because a breach requires physical access. Lock that piece of paper in a strongbox in your house and the odds it'll be compromised are low. The odds it'll be compromised without you realizing it are miniscule.
Finlay Dobbie wonders:
The real question is why things like the Developer Tools are given through ADC anyway, they should be more easily accessible.
Monitoring would be my guess. If they know who's downloaded something, they can, for example, automatically initiate a mass contact if a potentially dangerous bug is found.
And Philip Moetteli says:
I do agree with that, but do we really need to be forced to change our password every second day?
That's overstating things by a large degree.
Finally people end up with writing the password down or asking everytime for a new one. Not very efficent either, is it?
Efficiency, like convenience, is rarely a factor in setting a security policy.
G (Whose day job recently did miserably in a federal security audit, btw. And it boiled down to the fact that we were too concerned about convenience and efficiency.)
_______________________________________________ MacOSX-dev mailing list MacO...@omnigroup.com http://www.omnigroup.com/mailman/listinfo/macosx-dev