Gustav Brock
gustav at cactus.dk
Sun Feb 9 03:42:01 CST 2003
Hi John > From that point on, I made a conscious effort to at least evaluate what > power I was giving my users, and make a conscious effort to prevent them > from doing things they were not authorized to do. As a general note, it's the responsibility of a trusted user to not pass his/her access to an application to another user granted lower rights to that application and its data. Applying this to your case, as a user you failed, as the developer you were not to be blamed. Of course, today you could let the application request the user to (re)authorize by touching a fingerprint reader each time before a critical task was to be performed. And so on ... ultimately the keyboard itself should be capable of real time scanning the user's fingerprint. /gustav