[Catalyst] OT: security through obscurity (was: Encrypt/Decrypt URI)
A. Pagaltzis
pagaltzis at gmx.de
Fri May 18 14:37:27 GMT 2007
* Chisel Wright <chisel at herlpacker.co.uk> [2007-05-18 13:05]:
> Security through obscurity isn't security at all.
Just because this is a pet peeve of mine:
Yes it is.
Relying on obscurity as your only defense is foolish, but using
it as a supplemental layer on top of a defense in depth is
generally wise.
(In this case, of course, obscurity makes no sense; I am just
talking about the general case.)
Please quit this “it’s not security at all” cargo cult.
Regards,
--
Aristotle Pagaltzis // <http://plasmasturm.org/>
More information about the Catalyst
mailing list