Security by obscurity is definitely not the complete defence in itself .. but it can be a quick layer at the top to keep black hats at bay ..

Thing is .. in my auth mechanism .. I keep building my query condition by chaining methods to one another to make a single DB call .. for e.g. ..

method 1 : "where table.owner_id = $c->user->userid" ## see if user is authorized
method 2 : "and table.attr1 = "value1"
method 3 : "and table.attr2 = "value2"
.... so on and so forth ...

This query is quite big in my case ... so basically obscurity at the beginning might save a lot of CPU cycles .... But I still haven't found a decent way to do that ...

Thanks
Harshal

On 5/19/07, A. Pagaltzis <[EMAIL PROTECTED]> wrote:
* Matt S Trout <[EMAIL PROTECTED]> [2007-05-18 16:40]:
> I consider "it's not security at all" to come under "lies told
> to children".

I don't like to think of intelligent adults like that.

> When confronted with a junior developer thinking it's
> sufficient as complete security, it's better to simply tell
> them never to use it - by the time they understand the
> situation well enough -to- use it, they understand well enough
> to know that this is an "acceptable generalisation" rather than
> a cargo cult.

If you're a senior on the same project as them and pressed for
time, maybe. But even then, how much harder is it to say "relying
on obscurity as your only defense is foolish" compared to
"security by obscurity isn't security at all"?

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>

_______________________________________________
List: [email protected]
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
-- 
Harshal Shah
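
The chained condition building described in the message above, as an added example that is not part of the original thread: the ownership predicate is fixed in the constructor and every value travels as a bind parameter instead of being interpolated into the SQL text. `ScopedQuery`, the `items` table, the `attr1`/`attr2` methods and user id 42 (standing in for `$c->user->userid`) are hypothetical names chosen for illustration.

```perl
use strict;
use warnings;

# Hypothetical names throughout; only plain identifiers may name a table or column.
my $IDENT = qr/\A[A-Za-z_][A-Za-z0-9_]*\z/;

package ScopedQuery;

sub new {
    my ($class, %args) = @_;
    # The ownership predicate is added here, so no chain of later calls
    # can produce a query that lacks it.
    defined $args{owner_id} or die "owner_id is required\n";
    ($args{table} // '') =~ $IDENT or die "bad table name\n";
    my $self = bless { table => $args{table}, where => [], bind => [] }, $class;
    return $self->_and('owner_id', $args{owner_id});
}

sub _and {
    my ($self, $column, $value) = @_;
    # Column names cannot be bound, so they are validated; values are bound.
    $column =~ $IDENT or die "bad column name: $column\n";
    push @{ $self->{where} }, "$column = ?";
    push @{ $self->{bind} },  $value;
    return $self;    # returning $self is what allows chaining
}

sub attr1 { my ($self, $v) = @_; return $self->_and('attr1', $v) }
sub attr2 { my ($self, $v) = @_; return $self->_and('attr2', $v) }

sub as_sql {
    my ($self) = @_;
    my $sql = "SELECT * FROM $self->{table} WHERE " . join(' AND ', @{ $self->{where} });
    return ($sql, @{ $self->{bind} });
}

package main;

# Constructed input: the second value contains a quote character to show
# that it stays in the bind list and never becomes part of the SQL text.
my ($sql, @bind) = ScopedQuery->new(table => 'items', owner_id => 42)
    ->attr1('value1')
    ->attr2(q{val'ue2})
    ->as_sql;

print "$sql\n";
print "bind: ", join(' | ', @bind), "\n";
# With DBI the pair runs as one call:
#   $dbh->selectall_arrayref($sql, { Slice => {} }, @bind);
```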
