[Catalyst] Re: OT: security through obscurity (was: Encrypt/Decrypt URI)

A. Pagaltzis pagaltzis at gmx.de
Sat May 19 10:44:31 GMT 2007


* Matt S Trout <dbix-class at trout.me.uk> [2007-05-18 16:40]:
> I consider "it's not security at all" to come under "lies told
> to children".

I don’t like to think of intelligent adults like that.

> When confronted with a junior developer thinking it's
> sufficient as complete security, it's better to simply tell
> them never to use it - by the time they understand the
> situation well enough -to- use it, they understand well enough
> to know that this is an "acceptable generalisation" rather than
> a cargo cult.

If you’re a senior on the same project as them and pressed for
time, maybe. But even then, how much harder is it to say “relying
on obscurity as your only defense is foolish” compared to
“security by obscurity isn’t security at all”?

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>