RE: symbolize roles

Subject: RE: symbolize roles
From: Bruce Byfield <bbyfield -at- axionet -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- techwr-l -dot- com>
Date: Mon, 27 Jun 2005 17:01:42 -0700


On Mon, 2005-06-27 at 11:48 -0700, Lori Olcott wrote:
> This is a very valid concern. Some customers might not mind allowing
> their monitors to know what else the system can do. For others, this
> could pose a security risk. Or they may simply not want to make anything
> tempting to lower levels of users.
>
> > On the other hand, they might not want the users with a monitor role to
> > know about the anti-kablooey command or screen, so it would make sense
> > to hide it.

The only way that this would pose a security risk is if the software
and/or the system it runs on has lax security. For example, if the
program stored passwords unencrypted, then curious monitor-level users
could easily log in to an account with higher privileges.
If this or anything like it is the situation, then the whole arrangement
of users into groups is fundamentally flawed and might as well be
scrapped. In fact, I'd go so far as to say that any installation of the
software is going to have far larger concerns than curious users.

At any rate, security by secrecy is poor security. All it takes is
curiosity to break it. If the software is properly secured, having low
level users know that others can do more than they can isn't a problem;
they can learn, but they shouldn't actually be able to use what they
learn.

--
Bruce Byfield 604-421.7177
http://members.axion.net/~bbyfield
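
The distinction drawn in the message above, as an added example that is not part of the original post: hiding a command from a role's menu is presentation, while the permission check at dispatch is what stops a curious user. The role names, command names and functions are assumptions made for illustration, loosely following the thread's "monitor" role and "anti-kablooey" command.

```python
# Added illustration; roles, commands and function names are hypothetical.
ROLE_COMMANDS = {
    "monitor": {"view_status"},
    "operator": {"view_status", "anti_kablooey"},
}
ALL_COMMANDS = set().union(*ROLE_COMMANDS.values())


class PermissionDenied(Exception):
    pass


def visible_menu(role, hide_unavailable):
    """Commands the UI lists for a role. Presentation only, not a control."""
    if hide_unavailable:
        return sorted(ROLE_COMMANDS.get(role, set()))
    return sorted(ALL_COMMANDS)


def dispatch_hidden_only(role, command):
    """Weak design: trusts the menu to hide commands and never checks the role."""
    if command not in ALL_COMMANDS:
        raise KeyError(command)
    return f"{command} executed"


def dispatch_enforced(role, command):
    """Checks the caller's role on every request, whatever the menu showed."""
    if command not in ROLE_COMMANDS.get(role, set()):
        raise PermissionDenied(f"role {role!r} may not run {command!r}")
    return f"{command} executed"


def attempt(dispatch, role, command):
    """Report whether a request naming the command directly gets through."""
    try:
        dispatch(role, command)
        return "allowed"
    except PermissionDenied:
        return "denied"


if __name__ == "__main__":
    # A monitor who has learned the command name asks for it directly.
    print("menu (hidden): ", visible_menu("monitor", hide_unavailable=True))
    print("menu (shown):  ", visible_menu("monitor", hide_unavailable=False))
    print("hidden only:   ", attempt(dispatch_hidden_only, "monitor", "anti_kablooey"))
    print("enforced:      ", attempt(dispatch_enforced, "monitor", "anti_kablooey"))
```

With enforcement at dispatch, the result for the monitor role is the same whether the menu hides the command or lists it.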

