[sldev] Patch to Address Debit Permission Spoofing

Nicholaz Beresford nicholaz at blueflash.cc
Fri May 25 06:30:13 PDT 2007


>> The preference to enable automatic denial will appear in the "Popups" 
>  > * Opt-out of Caution Permissions Prompts
> 
> I'm also opposed to "preference creep".  It seems that a lot of the 
> patches we are seeing are coming with preferences to enable or disable 
> them.
> 
> Either it's a good idea to do this or it isn't.  We don't need to add a 
> preference for every little feature.  If the client had always been 
> developed like this, we'd have 50 pages of preferences and be able to 
> revert to the 1.0 feature set. :)

I disagree.  Preferences are that ... preferences and these naturally
differ among users.

Howver, the question if this feature is useful or doing more harm than
benefit is of course something to be asked.

Personally I'd say that I like the red window, but think the 
consequences should be explained in a better way, i.e. something added
like "This script wants permission (which will remain ongoing) to
take/transfer L$ from your account.  You should only agree to this
if you are currently in a finanacial transaction and/or trust the
owner of the script, yada yada yada".

I'm not sure, but I assume there won't be many of those scripts around
so users won't see them too often, so auto-denial may indeed be doing
a bit too much good (especially if it's off by default).

But I like the idea of the additional visual weight.


Nick





More information about the SLDev mailing list