Andrew Pollack's Blog

Technology, Family, Entertainment, Politics, and Random Noise

Professional Driver - Closed Course

By Andrew Pollack on 12/20/2005 at 09:32 PM EST

Ever seen those warnings? "Professional driver, closed course" or "Do not try this at home" -- they apply to I.T. work as well.

This is for all of you who think you can just give your users QuickPlace and leave them unsupervised. Folks, end users are the web-site equivalent of little children. Just because you give them a nifty tool, or a new bike, or a forty-five caliber automatic -- does not mean you can leave them unsupervised.

Today, I and many other people got an email from someone at a big company. He's working on a bit of fluff and wants to collect some general nonsense in an anonymous form. Now, I don't want to run down this person -- he's good at what he's doing. What he's not good at is geek-work like setting up anonymous forms with security and stability. That didn't stop him though, because he has QuickPlace.

So, this business-capable but non-technical end user created a form in QuickPlace and then set up a single userid and password. He sent the email out with the username, the password, and the URL to the form. Here's a list of the problems this caused:

1. The URL wasn't right and didn't work. A few of us geeks figured out the problem and got past that.

2. Everyone had the same username and password -- this leads to the rest of the issues.

3. Anyone who clicked the link to edit their profile (aka, ME) reset the display name for that userid to their own name. There is no unique per-person profile; the profile is global to the shared userid. So every new questionnaire gets filed as if authored by whoever last changed the name. I saw two or three by "me" before I went in and changed the profile to something anonymous.

4. All the results of any form filled in by anyone are visible and editable by anyone who got the email.

5. All the other documents in that QuickPlace are available, including things I'm fairly sure are not meant for external distribution.

Again, people -- these are tools, not toys. A good, truly anonymous form done in a Lotus Domino database can be ready in 5 minutes. In 10 minutes you can make it look pretty. Anonymous users can use the form, a Readers field naming the admin role gets applied at save time, encryption gets applied just for the heck of it with one click, and bingo -- secure, anonymous data collection.
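As an added illustration (not the post's code and not a Domino API), here is a small Python model of the two designs described above: the shared-userid setup, where the one profile's display name gets stamped on every later response and nothing restricts who can read them, beside the anonymous form whose documents get a Readers list holding only the admin role at save time. The role name, class names and sample text are constructed for the example.

```python
from dataclasses import dataclass, field

ADMIN_ROLE = "[Admin]"   # hypothetical role name for the form owner (constructed)

@dataclass
class Doc:
    body: str
    author: str                                   # display name stamped at save
    readers: list = field(default_factory=list)   # empty = readable by everyone

def readable_by(docs, roles):
    """Domino-style Readers check: an empty Readers list means no restriction;
    otherwise the caller must hold at least one of the listed names or roles."""
    return [d for d in docs if not d.readers or any(r in d.readers for r in roles)]

class SharedAccountStore:
    """The setup in the post: one userid and password handed to every respondent."""

    def __init__(self):
        self.profile_name = "Survey User"   # the single, shared profile
        self.docs = []

    def set_profile_name(self, name):
        # "Editing your profile" edits the one profile the userid has.
        self.profile_name = name

    def submit(self, body):
        # Author comes from the shared profile and no Readers restriction is set,
        # so every holder of the password sees (and could edit) every response.
        self.docs.append(Doc(body, author=self.profile_name))

class AnonymousFormStore:
    """The fix the post sketches: anonymous submit, Readers applied on save."""

    def __init__(self):
        self.docs = []

    def submit(self, body):
        # No identity is recorded, and the Readers list is stamped with the admin
        # role at save time: respondents cannot read this or anyone else's response.
        self.docs.append(Doc(body, author="Anonymous", readers=[ADMIN_ROLE]))

if __name__ == "__main__":
    shared = SharedAccountStore()
    shared.set_profile_name("Andrew")            # one respondent edits "their" profile
    shared.submit("response from someone else")
    print([d.author for d in shared.docs])       # misattributed to Andrew
    anon = AnonymousFormStore()
    anon.submit("response")
    print(len(readable_by(anon.docs, [])), len(readable_by(anon.docs, [ADMIN_ROLE])))
```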

When you need a geek, get one. Don't try this at home.



I blame software vendors (IBM) for this...
By Karen Hobert on 12/21/2005 at 01:25 PM EST

Like children, if you go around telling customers they can do anything an adult Geek can do, then you get shit like this. After that it's like talking to a teenager when Geeks try to explain to customers that they really need us. "Yea but..." Sigh.

I don't blame the poor user; he was walking on thin ice when he was told it was solid. Where was the Adult Supervision at IBM when the QuickPlace interface was created? This problem couldn't have been prevented ahead of time?

I agree users get into the darndest things. However, IMHO, I believe this situation is the equivalent of neglect on the software design end.

Your help/assistance was software therapy. "So how does that make you feel?"
My own thoughts on this are...
By Rob on 12/22/2005 at 05:37 PM EST

Not sure I agree 100% with Karen in this instance... the big issue was one of authentication and its effect on use cases, not QuickPlace's bad handling of it that could have been designed out. You can never prevent a user from sending out one URL, name and password, and it'll inevitably be a bad idea regardless of the software. It just happens to be more of a bad idea in QuickPlace with its end user management facilities.

Educate, educate, educate. Or at least, if you give people powerful tools, have them check with you on new ideas!
Oh yes, very true...
By Jens on 12/22/2005 at 04:18 AM EST
Jens

