Why Calling Everyone a “User” Can Cripple Your Software Security
Using the vague term “user” to describe diverse actors—passengers, agents, services, or system accounts—creates ambiguous models that lead to design flaws and serious security risks such as the Confused Deputy problem, urging developers to adopt precise terminology like “team” and “member” from the start.
When you realize that the lightweight assumptions made at the start of a project were completely wrong after six months of work, you understand the cost of poor initial design.
One common mistake is the indiscriminate use of the word “users”. It suffers from two fundamental problems:
For most requirements, “User” is rarely a good description.
“User” introduces a basic design security flaw.
There Are No “Users”
Initially, no software system truly has “users”. The business logic is far more complex.
Airline reservation systems have no “users”
Example requirements:
Passengers can view reservation details using a reservation code.
Buyers can modify reservations by providing the last four digits of a credit‑card number.
Travel agencies can view and edit their bookings.
Airline check‑in staff can view and modify reservations based on role and airline, requiring passenger identity information.
These concepts are “passenger”, “agent”, and “buyer”, not generic “users”.
Unix has no “users”
In POSIX, the term “user” would cover anyone logging in, system services running under a user account, shared admin accounts, and the root account—four almost distinct concepts.
System services such as mail or web servers may run as a “user” like nginx.
Multiple people often share a single admin account for SSH.
The root identity is separate from other accounts.
Conflating these under “users” creates security problems.
SaaS providers have no “users”
In SaaS, a “user” is usually a person who pays for the service within an organization, and possibly multiple people who use it. Treating them as a single “user” prevents building proper team and payment models.
The lesson is that the vague “user” concept should be replaced by two clearer concepts: “team” (to organize relationships and payments) and “member” (the actual person using the service).
“Users” as a security issue
The word “user” merges two distinct ideas: an individual person and their representation in software, leading to design flaws such as the Confused Deputy problem.
For example, a malicious website can cause a browser running under the system’s user account to upload files, because the browser’s actions are attributed to the same “user” identity as the human.
The value of early design
Spending time up front to define precise terminology saves effort later and avoids the hidden costs of ambiguous concepts like “user”. When starting a new project, allocate a few hours to agree on terms; future you will thank you.
Source: 21CTO Community (translated from Chinese).
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Programmer DD
A tinkering programmer and author of "Spring Cloud Microservices in Action"
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.