Re: Magic quotes? Should I still be cautious?



Jerry Stuckle, 2012-01-11 15:51:

On 1/11/2012 9:47 AM, Arno Welzel wrote:
Jerry Stuckle, 2012-01-11 14:44:

On 1/11/2012 5:00 AM, Arno Welzel wrote:
Jerry Stuckle, 2012-01-08 21:59:

[...]
I do other things also, but don't want to get into too much detail in a
public forum.

"Security by obscurity" does not work. If your security only relies on
the fact that you try to keep the procedures or code a secret, it is
flawed.

No, security by obscurity does not work. But that does not mean one
should broadcast to the world everything he does.

Of course it is not necessary to publish every detail about the
procedures to avoid spam, attacks etc. - but some basic procedures
should be discussed in public, since you might often think you are
"secure" but you just didn't see the flaws in your procedures yet.

For example: I use SpamAssassin and do greylisting on my server. If I
would get less spam just because I keep this information a secret then
SpamAssassin itself and greylisting should be considered useless.



In your opinion, anyway. Security experts (which I don't claim to be -
but know several) disagree. There is no reason to draw a map to your
house even if the door is locked.

Well - usually you don't need to draw a map to a house, since maps of
most areas in the world already exist. Did you mean "no reason to
publish the address of a house..."? But where does this end... "no
reason to let anyone even know you exist at all?" *scnr*

Concerning PHP: Code is not more secure just because it is closed
source. I don't think that any security expert will tell the opposite.


--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de