unity-design team mailing list archive

[Dylan McCall <dylanmccall@xxxxxxxxx>]

On Mon, Apr 26, 2010 at 7:25 AM, Frederik Nnaji
<frederik.nnaji@xxxxxxxxx> wrote:
> security is nothing for a visual internet designer to be concerned about.

I'm mostly in agreement with you there, Frederik. I do think UI design
has a role to play in security (in particular, we can't make the user
tired of the concept), but there is no way we can guarantee the
security of a tool by visuals alone.

Anything can create a full-screen screen fade. (Although,
interestingly, Javascript on a web page seems to do a much smoother
fade than gksudo). The indicator API is built so anything can create
an indicator. I think it would be awesome if web apps could create
indicators, and Chrome does desktop notifications now, so that's
probably not too far away.
Saying "anything on the panel is what it claims" is to create a very,
very dangerous environment.

Lots of things can be done with PolicyKit and Gksudo to encourage more
secure operation, and with some work maybe we can help raise the
user's awareness when he enters a password. Something quick that
occurs to me is that the password dialog could show a personal message
or a picture that only PolicyKit or gksudo has access to.

Really, what this is about is "don't tell your password to strange
programs;" we need to help the user identify strange programs and
understand the risk. It's already a big puzzle, so let's not add more
pieces unless it is really, really necessary.



Thanks :)

Dylan