> "security by obscurity"? Security by obscurity is not always bad. For example, a lot of people change the "welcome" string on their ftpd so that automated exploits don't get run against their server. It's a small thing, but it really does make a difference. It's like using one of those yellow car steering wheel locks - they may not be all that effective, but give a thief a choice of a car with one and a car without... > is this the _only_ way to fix this?! You have another suggestion? Go back through all the browser security/privacy problems in the last three years, and see how many contain a sentence akin to "if the attacker knows where the user's profile is on the local drive (if it is in the default location), then..." I certainly remember several. Gerv
- Re: Profile directory and "... Phillip M. Jones, C.E.T.
- Re: Profile directory and "salt... Simon Montagu
- Re: Profile directory and "salting"... Gervase Markham
- Re: Profile directory and "salting"... John Dobbins
- Re: Profile directory and "salting". Jason Bassford
- Re: Profile directory and "salting"... Gervase Markham
- Re: Profile directory and "salting&... Jason Bassford
- Re: Profile directory and "salt... Gervase Markham
- Re: Profile directory and "... Phillip M. Jones, C.E.T.
- Re: Profile directory and "salting". Sam Steingold
- Re: Profile directory and "salting"... Gervase Markham
- Re: Profile directory and "salting"... Henri Sivonen
- Re: Profile directory and "salting"... Daniel Veditz
- Re: Profile directory and "salting"... Jason Bassford
- Re: Profile directory and "salting&... Gervase Markham
- Re: Profile directory and "salt... Mike Koenecke
- Re: Profile directory and "salt... jesus X
- Re: Profile directory and "salt... Matthew Thomas
- Re: Profile directory and "... Bill Lee
- Re: Profile directory and &... Gervase Markham
- Re: Profile directory and &... TommyBee
