Re: Opinions: Warn about online registration checks?



On Oct 8, 1:34 pm, Peter Duniho <NpOeStPe...@xxxxxxxxxxxxxxxx> wrote:
JT wrote:
I'm just playing devil's advocate. I'm sure you don't trust emails
saying that you've won the Uganda lottery and all you have to do is
pay a processing fee. Is it any safer to trust software that says,
"Now I'm going to check our online database." when it could very
easily then extract sensitive information from your PC and send it to
the database instead?

It was not at all clear from your post that you were describing a
situation like that.

It's true, you can make your application say anything you want, and then
whatever you want. But I thought we were discussing reasonable behavior
here, things you might actually implement.

The fact that I _could_ lie to people doesn't stop me from making
statements to people that they can trust to be true. Likewise, just
because your application _could_ be badly behaved is no reason to avoid
having it be well-behaved.

I just think that having a message box
indicating what you're intending to do gives the user a false sense of
security. I'm not saying you shouldn't do that anyway. I just don't
know what good it really does.

First, the fact that you _could_ do something other than what you say
you are going to do should be irrelevant. It is always possible to lie.
Good software doesn't, and if you've established trust with your user,
the fact that you _could_ be lying doesn't matter, as long as you
_aren't_ lying. Of course, part of establishing trust with your user is
being explicit about what you're doing and doing only what the user asks
you to do.

That said, you seem to be focusing on one narrow part of why it's
important to ask the user before using the network, if using the network
is not an implicit part of your application's operation. Yes, it's a
potential security and privacy issue that the user should be in control of.

But also, the mere act of accessing the network can sometimes have
unintended effects. One example is a computer that is using dial-up
networking. Simply by making an attempt to use the network, Windows
will by default pop up a connect dialog. Yes, the user can cancel that,
and your network i/o will fail (and hopefully you handle that
gracefully). But it's an annoyance to the user to have to go through
that every single time they try to run your application.

The point isn't just to let the user know what you're doing. It's to
give the user _control_ over what you're doing. Good software doesn't
surprise the user, and it doesn't do things that the user hasn't asked
it to do.

Only if the user explicitly does something that requires the network
should you use the network. That puts control in the user's hands. I
would extend this to say that you shouldn't even be asking the user if
it's okay; you shouldn't be trying at all, unless the user has
explicitly done something that requires network access.

So, if the user tries to use a feature that requires registration,
verify with the user that they want to try to access the registration
database. If the user chooses a menu command that explicitly says to
access the registration database, obviously no prompt is necessary. But
do not automatically try to access the registration database just for
the sake of accessing it, not even by prompting the user first.

I'm sorry if you think that this is a one-to-one conversation.

I have no idea what you mean by that.

Pete

Hey Pete,

In order to correct some misconceptions I would have to start
describing specific behaviors of specific applications, which I think
would give me results that would not necessarily fit the general mold.

What I mean by a one-to-one conversation (one on one?) is that it's
just you and me, not the hundreds and thousands of people I was hoping
to hear from. I'm sure that no matter how popular your opinion is,
you don't speak for every developer and end-user in the world. Not
everything I am posting is directed to you. I don't care if I get
5000 people saying, "Pete's right, you dope." I want to see that.

JT
