 |
Pattern 74: Paranoid security |
| Back to Diagram 1 - Getting started | Back to Diagram 2 - Usability | Back to Diagram 3 - Adding detail | Back to Diagram 4 - Workflow/security |
|
View sensitizing image - tbd |
|
Pattern 74: Paranoid security |
| Back to Diagram 1 - Getting started | Back to Diagram 2 - Usability | Back to Diagram 3 - Adding detail | Back to Diagram 4 - Workflow/security |
|
View sensitizing image - tbd |
Naturally, You are concerned about SECURITY AND ENCRYPTION (72). You have CLASSIFIED
YOUR SITE (11).
Companies want to be sure that their customers are who they say they are. Customers want privacy and find elaborate
dialogues irritating. How can these forces be balanced? How do you authenticate a visitor without trampling on
their privacy?
Therefore
Base security measures on a thorough risk analysis. Relate security measures to your business objectives.
Trade off security measures against well thought out recovery procedures – and don’t forget that the best security
can be bypassed by the determined. Only use authentication technique when it is absolutely necessary. Don’t frighten
users with unnecessary warnings.
This antipattern is terminal within this language.
The amount of security that a site requires varies according to the business of the site. An appropriate analogy
is the security of buildings. Banks are usually harder to break into than carpet warehouses. Homes containing valuables
are often better protected than the homes of the poor. People trade off the cost of burglar alarms and barred windows
against the cost of recovery strategies like household insurance. In some districts even the poor have to protect
their homes against the risk of violence and malicious damage.
In the context of the web there are a range of types of site with varying security needs. At one extreme there
are hobby sites that are unlikely to be hacked and on which there is really nothing to steal. One level up from
this we might consider an academic’s site containing résumés and publications. The academic would
be unhappy if someone downloaded a paper and altered it or claimed to have written it. In fact, recently there
have been muttering in academe about students populating their essays with words in this way. The common solution
is to publish material in some uneditable format such as PDF.
Commercial sites need to take more care. The user should be able to verify that the site is really the one it claims to be before entering credit card details. The common solution is to use a trusted third party such as Verisign to provide this confidence. Commercial transaction may need to be encrypted. Banking sites have even stronger requirements.
Problems only arise when the degree of security outweighs the need for it. Enforced registration or authentication dialogues will deter the casual (but harmless) browser and may cost sales. Messages that highlight the risks to the user can frighten people away only too easily. Only display warnings when they tell the user something that they really need to know.
Example
The author’s trireme.com emails are visible to some of his colleagues. He therefore wants purchase confirmations
to go to his private email address (which he accesses using a non-web-aware program). When he tries to buy from
some sites having logged on as ian@trireme.com, he is asked to type his address. He enters his other (CompuServe)
address. The site rejects his form. They loose his business. Amazon lets him do this, so why can this site? It’s
pure paranoeia.
| Browse the language | What is Wu? | Look at an example pattern sequence | Structure of the patterns |
| Comment on Wu | Contributors | Return to TriReme home page | Links to related sites |