I must agree. Security by obscurity is not the best approach, even
though it appears to give some short-term benefits. See Schneier's
analysis [1] for discussion. Changing URLs by algorithm is just
another form of obscurity, which yields fragility and fails badly in
the case where the algorithm can be uncovered.
TimBL, et al., didn't say that URIs are cool because they don't change;
they said that URIs that don't change are cool for some very good
reasons.
Regards,
Dave
[1] Bruce Schneier, Secrets & Lies; Digital Security in a Networked
World, Wiley Computer Publishing, 2000, pp. 344.
On Jul 16, 2009, at 9:26 AM, Eric Hellman wrote:
The suggestion in this so-called security brief is not even secure.
On Jul 15, 2009, at 2:24 PM, Reilly Hayes wrote:
http://msdn.microsoft.com/en-us/magazine/dd458793.aspx
Eric Hellman
President, Gluejar, Inc.
41 Watchung Plaza, #132
Montclair, NJ 07042
USA
http://go-to-hellman.blogspot.com/