The only best thing about BEST PRACTICES is that they are best in some contexts, and the worst thing is that people have a tendency to follow the best. In fact, sometimes they are followed by everyone and hence become common. There can’t be a hundred best students in a class of a hundred. Only one can be the best in each subject among the hundred; the others could be good, very good, average or poor.
The story told above is not a story; it is reality. The idea of changing the error message worked for the first developer, but it didn’t work for his friend. Why? Let’s see.
- The unauthorized user enters an invalid username and password, and the system displays the error message “The email address or password you entered isn’t correct. Please try again”. Quite good. The user doesn’t know which is incorrect: username, password or both. (This is similar to what the first developer did and the others followed.)
- Then the user opens the “Forgotten your password?” page and enters the same email ID. The system displays an error message saying that the entered email is not registered with the website. Boom. The security provided by the previous error message is undone by this one. Now the unauthorized user knows that this is not a correct username, so he can put his energy into finding a correct one. He has a direction to move in. (In our story, the first developer didn’t provide a Forgot Password page but the others did. So his solution worked for him but not for the others.)
The problem is that people are so obsessed with following best practices that context is side-lined in most cases. See the example below:
- Here, if an unauthorized user enters an invalid email address, the system clearly tells him that the account doesn’t exist.
- In the other case, when the user enters a correct email and an incorrect password, the system displays “Email/Password combination is wrong” (BEST PRACTICE). From the previous message, it is obvious that only the password can be wrong in this case, but as I already said, people are so obsessed with following BEST PRACTICES that they miss the tweaks.
There are two important lessons from the above examples:
- BEST PRACTICES are best in their contexts and might not work for you if your context differs. Do what works for you, and that will be your “BEST PRACTICE”. Moreover, it doesn’t make sense to me: if everyone is following the same thing, how can it be called a “BEST PRACTICE”? It should be called a “GENERAL PRACTICE”.
- Don’t forget to verify the linking between error messages in your application. We have seen in the above scenarios that one error message can violate the rule of another. (The linking between error messages might be new to many and should be practiced.)
Now, don’t make this a BEST PRACTICE.
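
One way to verify the linking between error messages, shown as an added example that is not code from the original post: every flow that accepts an email is probed with a registered and an unregistered address, and any flow whose response differs is reported. The account store, function names and the uniform reset wording are assumptions made for illustration; the leaky messages follow the two scenarios described above.

```python
import hashlib
import hmac

# Constructed sample data: one registered account (not from the original post).
SALT = b"constructed-salt"

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice@example.com": pw_hash("correct horse")}

LOGIN_ERROR = "The email address or password you entered isn't correct. Please try again"
RESET_NOTICE = "If that address is registered, a reset link has been sent to it."

def password_ok(email, password):
    stored = USERS.get(email)
    return stored is not None and hmac.compare_digest(stored, pw_hash(password))

def login_leaky(email, password):
    # Second scenario in the post: an unknown email gets its own message.
    if email not in USERS:
        return "Account doesn't exist"
    return "Welcome" if password_ok(email, password) else "Email/Password combination is wrong"

def login_uniform(email, password):
    return "Welcome" if password_ok(email, password) else LOGIN_ERROR

def reset_leaky(email):
    # First scenario in the post: the reset page confirms the email is unknown.
    if email not in USERS:
        return "Entered email is not registered with website"
    return "A reset link has been sent"

def reset_uniform(email):
    # Mail would go only to registered addresses; the response never says which.
    return RESET_NOTICE

def leaking_flows(flows, known, unknown):
    """Names of flows whose response differs for a known vs. unknown email."""
    return sorted(n for n, f in flows.items() if f(known) != f(unknown))

def audit(login, reset):
    flows = {"login": lambda e: login(e, "wrong-guess"), "reset": reset}
    return leaking_flows(flows, "alice@example.com", "nobody@example.com")

if __name__ == "__main__":
    print("leaky login + leaky reset    :", audit(login_leaky, reset_leaky))
    print("uniform login + leaky reset  :", audit(login_uniform, reset_leaky))
    print("uniform login + uniform reset:", audit(login_uniform, reset_uniform))
```

The middle case is the friend's situation from the story: the login message is generic, yet the audit still reports the reset flow.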