On Fri, May 18, 2007 at 03:37:27PM +0200, A. Pagaltzis wrote:
> * Chisel Wright <[EMAIL PROTECTED]> [2007-05-18 13:05]:
> > Security through obscurity isn't security at all.
> 
> Just because this is a pet peeve of mine:
> 
> Yes it is.
> 
> Relying on obscurity as your only defense is foolish, but using
> it as a supplemental layer on top of a defense in depth is
> generally wise.
> 
> (In this case, of course, obscurity makes no sense; I am just
> talking about the general case.)
> 
> Please quit this “it’s not security at all” cargo cult.

I consider "it's not security at all" to come under "lies told to children".

When confronted with a junior developer thinking it's sufficient as complete
security, it's better to simply tell them never to use it - by the time they
understand the situation well enough -to- use it, they understand well
enough to know that this is an "acceptable generalisation" rather than a
cargo cult.

-- 
      Matt S Trout       Need help with your Catalyst or DBIx::Class project?
   Technical Director    Want a managed development or deployment platform?
 Shadowcat Systems Ltd.  Contact mst (at) shadowcatsystems.co.uk for a quote
http://chainsawblues.vox.com/             http://www.shadowcatsystems.co.uk/ 

_______________________________________________
List: [email protected]
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
