> I have said time and again that I follow a layered approach to
> security.
> Would security through obscurity work in and of itself? No, it
> wouldn't.
>  However combined with many of the other best practices we have
> discussed
>  here today it can make for a reasonably well protected application.
>
Security through obscurity doesn't affect how secure an application is.
It may affect how long and how much analysis is needed, but unless it
creates an unreasonable barrier it is worthless. For example, Windows's
passwords are stored as hashes in an unprotected file. Given physical
access to the machine I could change the password in less than 5
minutes. However, to actually get the password itself could take
anywhere from 15 minutes to a month.

> So Matt you tell me how would you have me do it different? You have
> sat here and argued all day without offering a single tangible
> alternative.
>
Security issues aren't dealt with in application development by
following a list of procedures. Building a secure application requires
understanding of security issues in general first. Then a list of
practices can be provided to deal with those security issues. If I were
a better writer I might be able to provide that kind of insight over
email, but unfortunately that isn't the case. Of course, I am speaking
at CFUN-04 on security, so for those of you interested, you should
attend my talk.

-Matt