Comments on: 5 things about Google Aps that concern me http://healyourchurchwebsite.com/2007/09/12/5-things-about-google-aps-that-concern-me/ Teaching, rebuking, correcting & training in righteous web design. Wed, 17 Mar 2010 01:14:44 +0000 http://wordpress.org/?v=2.9 hourly 1 By: 5 non-technical reasons your church or charity needs to consider using Google Aps » Heal Your Church WebSite http://healyourchurchwebsite.com/2007/09/12/5-things-about-google-aps-that-concern-me/comment-page-1/#comment-3922 5 non-technical reasons your church or charity needs to consider using Google Aps » Heal Your Church WebSite Wed, 05 Mar 2008 17:11:28 +0000 http://healyourchurchwebsite.com/2007/09/12/5-things-about-google-aps-that-concern-me/#comment-3922 [...]  5 things about Google Aps that concern me [...] [...]  5 things about Google Aps that concern me [...]

]]> By: salguod http://healyourchurchwebsite.com/2007/09/12/5-things-about-google-aps-that-concern-me/comment-page-1/#comment-3732 salguod Wed, 12 Sep 2007 17:07:55 +0000 http://healyourchurchwebsite.com/2007/09/12/5-things-about-google-aps-that-concern-me/#comment-3732 My wife manages the church phone list for our small church (120 or so members). It's just an Excel spreadsheet. She uploaded it to Google spreadsheets to give it a try and sent me an invite to edit it. Would make keeping it current a lot easier. When I followed the link, it immeditately let me see <strong>all</strong> the content. Every church member's address, phone number, email addresses, <em>kids names and birthdays</em>. <strong>All of it.</strong> I wasn't even logged into Google yet. I was shocked. I couldn't edit it, but once I logged into Google I could. I was never given any authentication info for logging into the document nor was I asked to verify that I was the person who was given access. How did Google know that I was authorized to edit it? Simply because I received the email with the appropriate link? What if I forwarded that link to someone else? Is there some way that the authentication is tied into that link and my email account? If there is, it was completely hidden and it seemed that the info was easily accessible or anyone. It felt very, very vulnerable. Needless to say, we removed the document and stuck with the old tech local spreadsheet. My wife manages the church phone list for our small church (120 or so members). It’s just an Excel spreadsheet. She uploaded it to Google spreadsheets to give it a try and sent me an invite to edit it. Would make keeping it current a lot easier.

When I followed the link, it immeditately let me see all the content. Every church member’s address, phone number, email addresses, kids names and birthdays. All of it. I wasn’t even logged into Google yet. I was shocked. I couldn’t edit it, but once I logged into Google I could.

I was never given any authentication info for logging into the document nor was I asked to verify that I was the person who was given access. How did Google know that I was authorized to edit it? Simply because I received the email with the appropriate link? What if I forwarded that link to someone else? Is there some way that the authentication is tied into that link and my email account? If there is, it was completely hidden and it seemed that the info was easily accessible or anyone. It felt very, very vulnerable.

Needless to say, we removed the document and stuck with the old tech local spreadsheet.

]]>