This is precisely why my security co-worker was so adamant against obfuscation: absolutely no one can agree on its usage and usefulness.

----- Original Message -----
From: Jochem van Dieten <[EMAIL PROTECTED]>
Date: Tuesday, March 23, 2004 2:53 pm
Subject: Re: Securing CF Apps.

> Dave Watts wrote:
> >> I used to work with a security/cryptology expert. His #1 rule:
> >>
> >> "Never, ever use obfuscation".
> >
> >
> > While I wouldn't categorize myself as a security expert, much less a
> > cryptologist, I would disagree with this. At the very least, I'd amend it to
> > "Never, ever use obfuscation as your sole method of security."
>
> I would amend it differently:
> "Never, ever use obfuscation if it adds complexity for yourself."
>
>
> > There is nothing wrong with "security through obscurity", as long as you
> > don't rely on it as your only protection. I would draw an analogy between
> > computer security and getting shot at. When you're being shot at, there are
> > two sorts of protection you might resort to. You might take cover by getting
> > behind a solid object that can block fire. You might conceal yourself behind
> > something that would obscure you as a target. When you're getting shot at,
> > cover and concealment are both useful; concealment won't stop a bullet, but
> > it'll lessen the likelihood of people shooting in your direction. Ideally,
> > you want both cover and concealment, of course, if for no other reason than
> > to avoid the stress of being shot at.
>
> Unless you have cover by an object that will stop the small arms
> fire from the other side, but at the same time so well concealed
> your side doesn't see you and you die from 'friendly' fire when
> your side bombs the opponent.
>
> Obfuscation can hurt the obfuscator, just like a firewall can
> introduce a risk to an otherwise well protected computer.
>
> Jochem
>
> --
> I don't get it
> immigrants don't work
> and steal our jobs
>     - Loesje
>
>
>