Sure, but if I want to get a driver’s license, I can’t just walk up to the DMV with a document on the right letterhead and get a license. There’s actually a whole process involving a test.
The fact that a pharmacy requires a prescription on a certain kind of pad from a doctor means that that’s supposed to be a security measure. It’s supposed to stop someone from getting a prescription that they just scribbled on a random piece of paper they found. But, in terms of security, it’s just about the weakest form of security I can imagine.
In theory. In practice, an employee could skip all steps and pretend you concluded the test.
Yes, they could break the rules.
Similarly, a pharmacy expects that you went through a long process with a doctor diagnosing and ordering the medicine.
While following the rules, they could just accept whatever you wrote onto the paper.
See the difference? In one case the security model is reasonable so that it takes an employee cheating / breaking the rules for a bad result. In the other case the security model sucks so an undesirable outcome is possible even if all the security checks are followed.
Sure, but if I want to get a driver’s license, I can’t just walk up to the DMV with a document on the right letterhead and get a license. There’s actually a whole process involving a test.
The fact that a pharmacy requires a prescription on a certain kind of pad from a doctor means that that’s supposed to be a security measure. It’s supposed to stop someone from getting a prescription that they just scribbled on a random piece of paper they found. But, in terms of security, it’s just about the weakest form of security I can imagine.
It’s basically the equivalent of this:
In theory. In practice, an employee could skip all steps and pretend you concluded the test.
Similarly, a pharmacy expects that you went through a long process with a doctor diagnosing and ordering the medicine.
Yes, they could break the rules.
While following the rules, they could just accept whatever you wrote onto the paper.
See the difference? In one case the security model is reasonable so that it takes an employee cheating / breaking the rules for a bad result. In the other case the security model sucks so an undesirable outcome is possible even if all the security checks are followed.