Would security through obscurity work in and of itself? No, it wouldn't.
However combined with many of the other best practices we have discussed
here today it can make for a reasonably well protected application.
So Matt you tell me how would you have me do it different? You have sat
here and argued all day with out offering a single tangible alternative.
--
Timothy Heald
Web Portfolio Manager
Overseas Security Advisory Council
U.S. Department of State
571.345.2319
The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s). Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.
-----Original Message-----
From: Matt Liotta [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 6:16 PM
To: CF-Talk
Subject: Re: Securing CF Apps.
> The open source community likes to make the point that security
> through
> obscurity doesn't work. Just because someone says it doesn't make it
> true.
> the methods I use to secure my site are open. hell you can go
> download the
> udf I use to do url encryption right now to see how I do it. You can
> even
> crack it if you take the time. It's a seed bump. Just like you have
> to
> decide how much time and money your going to put into securing your
> application or site, so does the intruder have to decide to go after
> you or
> another weaker site.
>
What a terrible statement to make. If you are going to suggest security
through obscurity works; prove it.
> Also not all encryption standards are widely available. As a matter
> of fact
> in some instances it is illegal to let people know the detail of high
> level
> encryption algorithms.
>
Yeah, laws really stopped the exportation of encryption algorithms. :)
-Matt
_____
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
