should defaults be secure or convenient?

As with most questions like that, the real answer is “it depends”.

Updating a Debian (sarge) box today, I was still a little surprised at the phrase “if in doubt … install it with SUID”.  Is the subset of sites running host-based auth and *not* sure about whether to install suid really worth having an insecure (at least from a defense-in-depth POV) default?  Clearly a subjective question.

