[Catalyst] OT: security through obscurity (was: Encrypt/Decrypt URI)
Jonathan T. Rockway
jon at jrock.us
Fri May 18 17:46:08 GMT 2007
On Fri, May 18, 2007 at 03:37:27PM +0200, A. Pagaltzis wrote:
> Just because this is a pet peeve of mine:
>
> Yes it is.
Obscurity is a "constant factor". As soon as one person figures out
your obfuscation, it's useless. When someone figures out your real
security, it does them no good at all. Since there are 6_000_000_000
people in the world, it's likely that someone has already figured out
your obscurity, so only real security matters.

It's like saying O(2) instead of O(1). Sure, ``O(2)'' is twice as
slow as O(1), but that's irrelevant and you sound stupid when you make
a distinction.

Finally, the hmac+md5 urls sound sound from a security standpoint,
but it's a really dumb way to write a web app.

Regards,
Jonathan Rockway