• merc@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    Sure, but if I want to get a driver’s license, I can’t just walk up to the DMV with a document on the right letterhead and get a license. There’s actually a whole process involving a test.

    The fact that a pharmacy requires a prescription on a certain kind of pad from a doctor means that that’s supposed to be a security measure. It’s supposed to stop someone from getting a prescription that they just scribbled on a random piece of paper they found. But, in terms of security, it’s just about the weakest form of security I can imagine.

    It’s basically the equivalent of this:

    Fence gate blocking a path, but no fence on the grass next to it

      • merc@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        In theory. In practice, an employee could skip all steps and pretend you concluded the test.

        Yes, they could break the rules.

        Similarly, a pharmacy expects that you went through a long process with a doctor diagnosing and ordering the medicine.

        While following the rules, they could just accept whatever you wrote onto the paper.

        See the difference? In one case the security model is reasonable so that it takes an employee cheating / breaking the rules for a bad result. In the other case the security model sucks so an undesirable outcome is possible even if all the security checks are followed.