On Sat, 26 Feb 2000, Marcus Brinkmann wrote:
> On Thu, Feb 24, 2000 at 04:25:25PM -0500, [EMAIL PROTECTED] wrote:
> >
> > It does make more sense though that you should give the possible
> > attacker as little information about the system as you can.
>
> In general, security through obscurity is not sufficient as a protection
> strategy.
Marcus.
This is not security by obscurity. It is long-established practice.
>
> The user login name is often very exposed, for example in email addresses,
> log files etc. If you already have an account, you can usually just list
> /home to get all user names of a system.
But the problem pointed out allows an attacker *without* an account to gain
information.
<snip>
----
Guy W. Hulbert At Work:
[EMAIL PROTECTED] [EMAIL PROTECTED]
