by gchamonlive 2561 days ago
Permissions are a pain... I am considering centralizing permission handling in a separate service environment so that every service I have shares the same permission logic.

It is a shame, since we could save some latency by having permissions implemented in the same language and app in which they are being requested. But to avoid stuff like that in the article, I believe the cons are worth it.

Edit: the user had direct access to the database. No amount of code would mitigate that. Moral of the story is NEVER leave your database open to the public; always hide it behind a service wall.

1 comment

Security and usability are always at the opposite end of the spectrum. Balance it wisely.
This is such a dangerous false dichotomy. Plenty of security systems benefit user experience.
And the security of a system can be completely undermined if nobody uses it because of poor user experience.
And in fact some systems are only usable because of their security. A bank that gives all accounts the same password could hardly be considered usable, and neither could many websites if they did the same.