[Catalyst] Re: OT: security through obscurity (was:
Encrypt/Decrypt URI)
Harshal Shah
harshal.shah at gmail.com
Sat May 19 21:42:16 GMT 2007
Security by obscurity is defnitely not the complete defence in itself
..but it can be a quick layer at the top to keep black hats at bay ..
Thing is ..in my auth mechanism ..I keep building my query condition
by chaining methods to one another to make a single DB call .. for eg
..
method 1 : "where table.owner_id = $c->user->userid" ## see if user
is authorized
method 2 : "and table.attr1 = "value1"
method 3 : "and table.attr2 = "value2" ....so on and so forth...
this query is quite big in my case ...so basically obscurity at the
begining might save lot of CPU cycles....
But I still havn't found a decent way to do that ...
Thanks
Harshal
On 5/19/07, A. Pagaltzis <pagaltzis at gmx.de> wrote:
> * Matt S Trout <dbix-class at trout.me.uk> [2007-05-18 16:40]:
> > I consider "it's not security at all" to come under "lies told
> > to children".
>
> I don't like to think of intelligent adults like that.
>
> > When confronted with a junior developer thinking it's
> > sufficient as complete security, it's better to simply tell
> > them never to use it - by the time they understand the
> > situation well enough -to- use it, they understand well enough
> > to know that this is an "acceptable generalisation" rather than
> > a cargo cult.
>
> If you're a senior on the same project as them and pressed for
> time, maybe. But even then, how much harder is it to say "relying
> on obscurity as your only defense is foolish" compared to
> "security by obscurity isn't security at all"?
>
> Regards,
> --
> Aristotle Pagaltzis // <http://plasmasturm.org/>
>
> _______________________________________________
> List: Catalyst at lists.rawmode.org
> Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/[email protected]/
> Dev site: http://dev.catalyst.perl.org/
>
--
Harshal Shah
More information about the Catalyst
mailing list