Ever seen those warnings? "Professional driver, closed course" or "Do not try this at home" --- It applies to I.T. work as well.
This is for all of you who think you can just give your users QuickPlace and leave them unsupervised. Folks, end users are the web-site equivalent of little children. Just because you give them a nifty tool, or a new bike, or a forty-five caliber automatic -- does not mean you can leave them unsupervised.
Today, I and many other people got an email from someone at a big company. He's working on a bit of fluff and wants to collect some general nonsense in an anonymous form. Now, I don't want to run down this person -- he's good at what he's doing. What he's not good at is geek-work like setting up anonymous forms with security and stability. That didn't stop him though, because he has QuickPlace.
So, this end user, capable in business but not in technology, created a form in QuickPlace and then set up a single userid and password. He sent the email out with the username, password, and the URL to the form. So, here's a list of the problems this caused:
1. The URL wasn't right. Didn't work. A few of us geeks figured out the problem and got past that.
2. Everyone had the same username & password -- this leads to the rest of the issues.
3. Anyone who clicked the link to edit their profile (aka, ME) re-set the display name for that userid to their own name, rather than setting up a unique profile; it's global. Now all new questionnaires get filled as if authored by that name. I saw two or three by "me" before I went in and changed the profile to something anonymous.
4. All the results of any form filled in by anyone are visible and editable by anyone who got the email.
5. All the other documents in that QuickPlace are available, including things I'm fairly sure are not meant for external distribution.
Again, people -- these are tools, not toys. A good, truly anonymous form done in a Lotus Domino database can be ready in 5 minutes. In 10 minutes you can make it look pretty. Anonymous users can use the form, reader name for the admin role gets applied at save time, encryption applied just for the heck of it with one click, and bingo -- secure, anonymous data collection.
When you need a geek, get one. Don't try this at home.