Everyone is concerned about the security of their systems, and all sorts of protective software is installed to make sure no code is allowed to run on their machine outside the boundaries of the web browser, but is this the right approach? Most people would say yes, but consider the following real-life scenario:
A few weeks ago I was working on a medical application for managing diabetes clinics and their patients. The application is a big system that manages everything related to a diabetes clinic, but one part of it is intended to track patients’ statuses. The idea is to allow patients to use their personal glucose meters to submit their blood glucose data from home. The system will then monitor the records of all patients, and when a specific patient goes into the red zone the medical staff is informed immediately. Sounds like a great idea, but how do we allow the patient to upload their glucose data? The logical answer is to let them connect their devices to the serial port and have our application read that serial port. For a desktop application this is a straightforward task, but we are living in the web age where everything is going online and people are less willing to download applications locally. I was using .NET and I thought of using client-side managed code for this task, which will work if the user is an administrator. Note that by administrator I don’t mean a Windows user account with Administrator privileges; I mean a person who has the knowledge of a system administrator in order to go into the .NET security configurations and give access rights to my code. Without the correct access rights given, the code will simply error out; the user will not even know what was wrong, not to mention having the ability to allow or deny the code from running, which is what logically should happen. There is no way for us to ask the user for permission; the only solution is to have the user give the required access rights (which 99% of users don’t know how to do), or to have the user install something on their machine. This was using .NET, and Microsoft is always being accused of having loose security models, so I guess I can bet that other vendors have similarly tight security settings.
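The failure mode described above, as an added illustration that is not part of the original post: under the .NET Framework code access security model, partially trusted code (for example managed code loaded from a web site) that touches the serial port is refused with a `SecurityException`, and unless the application catches it the user sees only an opaque error. The example below checks for the permission up front and turns the denial into a message the user can act on. It assumes the .NET Framework (2.0 era) `System.IO.Ports.SerialPort` class, assumes that serial access requires the `UnmanagedCode` security permission (the precise permission demanded is an assumption here), and uses a hypothetical class name and a placeholder port name.

```csharp
// Added example, not code from the original post. Assumes .NET Framework CAS and
// that SerialPort access needs SecurityPermissionFlag.UnmanagedCode (assumption).
using System;
using System.IO.Ports;
using System.Security;
using System.Security.Permissions;

public static class GlucoseMeterReader   // hypothetical class name
{
    // Returns true when every caller on the stack has been granted the
    // unmanaged-code permission. Demand() throws SecurityException otherwise,
    // which is the bare error the post complains about.
    public static bool CanAccessSerialPort()
    {
        try
        {
            new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
            return true;
        }
        catch (SecurityException)
        {
            return false;
        }
    }

    // Reads one line from the glucose meter. If the permission is missing we
    // explain what went wrong instead of letting the SecurityException escape,
    // so the user knows the fix lies in the .NET security configuration.
    public static string ReadLine(string portName)
    {
        if (!CanAccessSerialPort())
        {
            throw new InvalidOperationException(
                "This application has not been granted access to the serial port. " +
                "An administrator must adjust the .NET security policy for this site.");
        }

        using (var port = new SerialPort(portName, 9600))
        {
            port.ReadTimeout = 2000;   // milliseconds; avoid blocking forever
            port.Open();
            return port.ReadLine();
        }
    }

    public static void Main()
    {
        // "COM1" is a placeholder; the real port depends on the meter's driver.
        Console.WriteLine(GlucoseMeterReader.ReadLine("COM1"));
    }
}
```

The permission check does not make the code run with rights it was not given; it only replaces a silent failure with an explicit one, which is the "allow or deny" feedback the post says the user never gets.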
Security enthusiasts will probably flame me for complaining and tell me there are ways around this, which is true, but should we design our needs around an existing security model? Shouldn’t it be that the security model is designed around our needs? So how should the system’s security behave then? Maybe ask the user for permission at the time a permission is needed? I don’t really know what the ultimate solution should look like; all I know is that in order to protect the user’s data I was prevented from protecting his life, literally!