Gah! You am dumb!
12 May 2005 12:29![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
the_eggwhiteYou want to restrict access to this page to a certain group of people. Fair enough... That I can do.
What's that? You want people who are not in that group to have to enter a username or password to get in, but the people who are in that group to just be able to go in with no questions asked? What do we know about the people who are in this group? Do they any common identifying features? No? Can I send them somewhere else first so that I can set up a cookie which identifies them as a part of the group? No?
How the hell am I supposed to distinguish between people who are meant to be able to read it and people who aren't if I'm only allowed to ask for a login and password from those who are not meant to be there! What's more, why the hell am I asking for a username and password from people you don't want to give access to?
I know! I'll just install this psychic powers patch to the server... No, it's not a random number generator... not at all...
Bah! Stupid people! Think things through before you come to me and say "do this now or I'll complain!".
What's that? You want people who are not in that group to have to enter a username or password to get in, but the people who are in that group to just be able to go in with no questions asked? What do we know about the people who are in this group? Do they any common identifying features? No? Can I send them somewhere else first so that I can set up a cookie which identifies them as a part of the group? No?
How the hell am I supposed to distinguish between people who are meant to be able to read it and people who aren't if I'm only allowed to ask for a login and password from those who are not meant to be there! What's more, why the hell am I asking for a username and password from people you don't want to give access to?
I know! I'll just install this psychic powers patch to the server... No, it's not a random number generator... not at all...
Bah! Stupid people! Think things through before you come to me and say "do this now or I'll complain!".
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
2005-05-12 15:45 (UTC)To impliment their design, you could just give everyone in the world access to the 'restricted' page without any sort of authentication challenge. You won't get caught immediately since your clients are obviously important enough to be included in the restricted group. Eventually, someone with at least a minimal level of intellegence will looks at the page and realise what you've done, at which point it becomes their problem.