
February 13, 2004

Drawing the Line Between Usability and Security

The origins of our application at Tufts go back to a graduate student sitting at his home office hammering out a core set of libraries and interfaces. The core libraries are well thought out and have worked to drive the application and all its new development for over 5 years. The problem we face is where the line was drawn between security and usability.

A premise of the application is "every change in the database must be done using a user-established database handle." The idea is that anyone needing to make changes to the data obtains a MySQL-level account. We don't store that password anywhere other than in the mysql.user table, and there are no MySQL accounts with permission to make table changes other than specific users'.

When a change is performed, the user enters their username and password; the application connects to MySQL with that username and runs the appropriate SQL. That's pretty good assurance that, barring sharing of passwords or a cracked system, the change was made by the user. This prevents the "user leaves the computer on and goes to lunch and someone else sits down and makes changes" scenario. Not a bad security measure to have in place.

However, there is a problem. Users are beyond annoyed at having to enter their password for every change, particularly when doing something like adjusting the order of images on a page, where the page has 100 images and with each adjustment the user is entering the password.

My conclusion is that the line between usability and security was drawn too close to the side of security. We're realizing that we have to trust the initial authentication and the session, allowing the user to perform actions as themselves without continually proving it's really them. The change in the application is pretty simple: we create a set of handles and let the application handle the permissions. Developers' acceptance of less strict security measures has been much harder to come by.

Posted by mike at February 13, 2004 3:03 PM
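
A sketch of the session-trusting design described in the post, as an added example that is not the Tufts application's code: sqlite3 stands in for MySQL, and the role table, idle limit and audit table are assumptions. It shows the two jobs the application takes over once users share handles: checking permission and attributing each change to a user.

```python
import sqlite3
import time

# Constructed stand-ins: sqlite3 replaces MySQL; the role names, table
# layout and 15-minute idle limit are assumptions for illustration.
IDLE_LIMIT = 15 * 60
ROLE_CAN_WRITE = {"editor": {"images"}, "viewer": set()}

class Session:
    """State trusted after the initial login (hypothetical shape)."""
    def __init__(self, user, role, now):
        self.user, self.role, self.last_seen = user, role, now

def open_shared_handle():
    """One application-owned handle replaces the per-user MySQL logins."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE images (id INTEGER PRIMARY KEY, position INTEGER)")
    db.execute("CREATE TABLE audit (user TEXT, action TEXT, at REAL)")
    db.executemany("INSERT INTO images VALUES (?, ?)", [(1, 1), (2, 2)])
    db.commit()
    return db

def reorder_image(db, session, image_id, position, now=None):
    """Apply a change as the session user without asking for the password again."""
    now = time.time() if now is None else now
    # The walk-away scenario is bounded by idle time, not a per-change password.
    if now - session.last_seen > IDLE_LIMIT:
        raise PermissionError("session idle too long; log in again")
    # Permission moves from MySQL grants into the application.
    if "images" not in ROLE_CAN_WRITE.get(session.role, set()):
        raise PermissionError(f"{session.user} may not modify images")
    session.last_seen = now
    with db:  # the change and its audit row commit together
        db.execute("UPDATE images SET position = ? WHERE id = ?",
                   (position, image_id))
        # The shared handle no longer identifies the user, so record it here.
        db.execute("INSERT INTO audit VALUES (?, ?, ?)",
                   (session.user, f"images:{image_id} -> position {position}", now))
```
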