WebApp Sec mailing list archives
What Would Disney Do ?
From: "Mark Curphey" <mark () curphey com>
Date: Wed, 28 Jul 2004 10:03:10 -0400
Yesterdays discussion about SSL login pages got me thinking about ways to make it easy for users to do the right thing and hard to do the wrong thing. I found some security architecture slides on the floptop from ages ago (I don't recall where the original text should be contributed to) Disney Many people visit Disney World and have a good time because their surroundings are controlled. This in turn makes it easier to control people's behavior and minimize problems. By using physical barriers and having a cheerful staff, Disney World makes it easy for visitors to conform and "do the right thing". - Physical barriers (fountains, flower gardens) - Limit the choices people can make about where to walk - Guests are given constant instruction to minimize disorder - Guests are constantly under surveillance by employees - Many exhibits are only viewed through riding in a vehicle Order is maintained through voluntary activity The control at Disney World is subtle and embedded in the routine activities of employees and visitors. It is designed to prevent any disorder and make everyone's visit as enjoyable as possible. Some of these things of course could be tied to the architectural patters discussed last week (limited view etc) Just thought it was an interesting anecdote.
Current thread:
- What Would Disney Do ? Mark Curphey (Jul 28)
- Re: What Would Disney Do ? access_denied (Jul 29)
- Re: What Would Disney Do ? Pete Herzog (Jul 29)