--
Timothy Heald
Web Portfolio Manager
Overseas Security Advisory Council
U.S. Department of State
571.345.2319
The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s). Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.
-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 4:36 PM
To: CF-Talk
Subject: RE: RE: RE: Securing CF Apps.
> I used to work with a security/cryptology expert. His #1 rule:
>
> "Never, ever use obfuscation".
While I wouldn't categorize myself as a security expert, much less a
cryptologist, I would disagree with this. At the very least, I'd amend it to
"Never, ever use obfuscation as your sole method of security."

There is nothing wrong with "security through obscurity", as long as you
don't rely on it as your only protection. I would draw an analogy between
computer security and getting shot at. When you're being shot at, there are
two sorts of protection you might resort to. You might take cover by getting
behind a solid object that can block fire. You might conceal yourself behind
something that would obscure you as a target. When you're getting shot at,
cover and concealment are both useful; concealment won't stop a bullet, but
it'll lessen the likelihood of people shooting in your direction. Ideally,
you want both cover and concealment, of course, if for no other reason than
to avoid the stress of being shot at.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444

