You don’t have to be paranoid…

January 27, 2010

The DeliveryDemon was looking at security settings on the laptop recently after the moderate paranoia setting started blocking WordPress cookies. To check what was happening she used the ‘prompt’ setting, requiring manual approval of cookies. Cue a very tired hand, and the site concerned was a perfectly respectable one! A big disconnect appears to have grown between website development practice and security practice. It appears that we are offered two choices:

  • blind reliance on automated cookie approval / rejection
  • total unusability.

This little experiment has the DeliveryDemon asking a LOT of questions:

  • What are these cookies doing?
  • How much of my storage / processing power are they hogging?
  • What’s going on when a ‘respectable’ website (not WordPress) wants to install 20 or more cookies per screen?
  • Why don’t website designers realise that a cookie plague makes the most honourable of organisations look dubious?
  • Whatever happened to respecting the right of the user to choose an appropriate security setting?

The DeliveryDemon appreciates that there’s a balance to be struck when it comes to website stats and marketing requirements. But if the designers can’t come up with something better than forcing the user to change security settings for all sites to fit the requirements of one particular site, there’s something wrong.

If the medium paranoia setting stops a website from working, then someone has delivered a very poor level of security.