On May 18, 2007, at 9:46 AM, Jonathan T. Rockway wrote:
> Obscurity is a "constant factor". As soon as one person figures out
> your obfuscation, it's useless. When someone figures out your real
> security, it does them no good at all. Since there are 6_000_000_000
> people in the world, it's likely that someone has already figured out
> your obscurity, so only real security matters.
>
> Steganography is good for 'flying below the radar' but a web app
> isn't about that.
>
> Finally, the hmac+md5 urls sound sound from a security standpoint,
> but it's a really dumb way to write a web app.

I would have to disagree. I think it is all about layers of defense.
Relying on this alone is 'a dumb way to write a web app'. Having this at
the top of your security stack in the request verification phase is smart.
I'll do anything to prevent unauthorized access to sensitive information.
_______________________________________________
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Dev site: http://dev.catalyst.perl.org/