On Fri, May 18, 2007 at 03:37:27PM +0200, A. Pagaltzis wrote: > Just because this is a pet peeve of mine: > > Yes it is.
Obscurity is a "constant factor". As soon as one person figures out your obfuscation, it's useless. When someone figures our your real security, it does them no good at all. Since there are 6_000_000_000 people in the world, it's likely that someone has already figured our your obscurity, so only real security matters. It's like saying O(2) instead of O(1). Sure, ``O(2)'' is twice as slow as O(1), but that's irrelevant and you sound stupid when you make a distinction. Finally, the hmac+md5 urls sounds sound from a security standpoint, but it's a really dumb way to write a web app. Regards, Jonathan Rockway _______________________________________________ List: [email protected] Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
