Customer thinks removing login/logout button helps with security (magento)

[TechBoyJK]

yep.

Hosting a customer that has a Magento shopping cart. I was helping them with something and couldn't find the login button. Moved onto something else, which got me logged in another way, then couldn't find the logout button.

I ask and I'm told it's for security.... Let's remove the login/logout button from the header template because it invites people to mess with the system. Let's tell users that they have to add /login or /logout to do that.

I tried to explain that it destroys the user experience and that if a site is so insecure that petty things like hiding a login/logout button are required, it shouldn't be online.

oh wtf.

 

[KB]

Does he actually sell anything? Sounds like bankruptcy is in his future.

 

[Cogman]

If they think removing a login/logout button makes their site secure, they undoubtedly have some pretty huge security holes.

 

[KlokWyze]

sounds pretty normal to me......

the stupidity not the "hardening" of their system.

 

[Markbnj]

Are they lawyers? Lawyers and associated businesses have the worst websites in the known world. 15 years behind everyone else.

 

[Leros]

Are they lawyers? Lawyers and associated businesses have the worst websites in the known world. 15 years behind everyone else.

Sigh. I know a lawyer who has god level access (higher than admin) at his company yet refused to put a passcode on his mobile device. Anybody could pick up his phone and instantly have god level access to the entire company.

 

[inachu]

Are they lawyers? Lawyers and associated businesses have the worst websites in the known world. 15 years behind everyone else.

When law.com was first created with their very first site back between 1996-97 They used to have a chat room and I would teach them HTML using live code within their chatroom.

It was so easy back then and yes Lawyers are always far behind the time.

 

[slugg]

The customer is always right. Hide the button and charge him a pretty penny. You both go home happy.

 

[VirtualLarry]

I'm pretty (upset) that BestBuy does NOT seem to have a "logout" button anymore. What if I were using a public computer?

 

[ninaholic37]

I'm pretty (upset) that BestBuy does NOT seem to have a "logout" button anymore. What if I were using a public computer?

Are you using NoScript? I just made a dummy account to test, and I see the "Sign Out" link/text on each page between the "Welcome, Name!" and "My Account" at the top right (takes a sec to pop up though) but I'm not in the US. The page definitely looks messed up here though, headers are running on top of headers... it looks like it expects a screen resolution of at least 1600x900.D:

edit: Wow, nevermind. The US site looks completely different.

edit2: Ok, I can sign out by hovering my mouse in between the "Hi, Person!" and "Account" at the top right, then a little menu pops up with "Sign Out" at the bottom of it (in italics even, like that's supposed to help you find it - lol). A lot of sites work like this now though, Google+, photobucket, to name some....

 

[MongGrel]

Sigh. I know a lawyer who has god level access (higher than admin) at his company yet refused to put a passcode on his mobile device. Anybody could pick up his phone and instantly have god level access to the entire company.

Was kinda funny about 15 years ago, my wife was office manager of a travel agency and the owner put up a remote type of set up in the office.

They wife put it up at home, I was at home messing around a couple days later and went to the site and was messing around and could get into everything, their banks accounts etc, called the wife up and told her to tell Andy about it and get his [stuff] secured.

No swearing in the technical forums, please -- Programming Moderator Ken g6

Was even funnier the day he went home early and left his computer on at that office and had a link to it from home and the girls were watching all the p0rn on his sick day at home were watching remotely and giggling about it

Things were even less secure long ago I guess if you could crack into things even.

I don't even play with it these days, would rather mess around with the drumset.

 

[Ken g6]

I think this thread has run its course. Time to close it before it goes any further into Off-Topic-Land.

-- Programming Moderator Ken g6