It's a security risk!

How many times have you heard the phrase “No, its a security risk.” when you ask if it is possible to implement a new feature into something that you use but aren’t a developer of (or possibly you aren’t a developer yourself). Well, frankly this is a blog post asking people to stop doing this. If you don’t want to put this feature in, just tell us, if you don’t think it is possible, let us know, if you can’t be bothered listening to us, please just tell us.

The phrase “Its a security risk” is overused and frankly it stops it meaning anything when it needs to mean something. The phrase should be used only when something is actually a security risk.

For example, I asked for openID to be implemented into a web service I use (it isn’t a public one, and I’m not going to oust the “developer” because that would be pretty horrible), and that was met with the reply “No, never going to happen. It’s a security risk.”. The forum topic was then deleted (because me saying that the site ran joomla was also a security risk) and that was the end of that.

Now, although there have been security problems with openID and how it works, but there are security problems with absolutely everything we do. If you won’t do anything if it is a “security risk” then don’t get into IT. Everything is a security risk, and we need to understand that. I’m not saying we should implement everything willy nilly, but lets not be so pathetic. The same IT person who thought openID was a security risk uses windows…what else do I need to say?

If you are a developer, let me challenge you. Try not to say “Its a security risk.”. If you honestly have security concerns that is fine, but if not, let the person know exactly why you don’t want to implement it, even if it is something as simple as “I don’t want that feature.” That is more honest. I can’t stand lies…