FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Magic quotes? Should I still be cautious?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Magic quotes? Should I still be cautious? [message #176619 is a reply to message #176617] Wed, 11 January 2012 19:01 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 1/11/2012 12:09 PM, Arno Welzel wrote:
> Jerry Stuckle, 2012-01-11 15:51:
>
>> On 1/11/2012 9:47 AM, Arno Welzel wrote:
>>> Jerry Stuckle, 2012-01-11 14:44:
>>>
>>>> On 1/11/2012 5:00 AM, Arno Welzel wrote:
>>>> > Jerry Stuckle, 2012-01-08 21:59:
>>>> >
>>>> > [...]
>>>> >> I do other things also, but don't want to get into too much detail in a
>>>> >> public forum.
>>>> >
>>>> > "Security by obscurity" does not work. If your security only relies on
>>>> > the fact, that you try to keep the procedures or code a secret, it is
>>>> > flawed.
>>>>
>>>> No, security by obscurity does not work. But that does not mean one
>>>> should broadcast to the world everything he does.
>>>
>>> Of course it is not neccessary to publish every detail about the
>>> procedures to avoid spam, attacks etc. - but some basic procedures
>>> should be discussed in public, since you might often think you are
>>> "secure" but you just didn't see the flaws in your procedures yet.
>>>
>>> For example: I use SpamAssassin and do greylisting on my server. If i
>>> would get less spam just because i keep this information a secret then
>>> SpamAssassin itself and greylistign should be considered useless.
>>>
>>>
>>
>> In your opinion, anyway. Security experts (which I don't claim to be -
>> but know several) disagree. There is no reason to draw a map to your
>> house even if the door is locked.
>
> Well - usually you don't need to draw a map to a house, since maps of
> most areas in the world already exist. Did you mean "no reason to
> publish the address of a house..."? But where does this end... "no
> reason to do let anyone even know you exist at all?" *scnr*
>
> Concerning PHP: Code is not more secure, just because it is closed
> source. I don't think, that any security expert will tell the opposite.
>

Let's see you find detailed instructions on how to build a hydrogen
bomb. You won't find it - it's secret. Never mind that you could never
do it because you don't have a source of highly enriched uranium or
plutonium required for the trigger.

Not telling the world how you do something is not "security by
obfuscation". But it IS security.

And once again, this is off topic in this newsgroup and will be the last
I have to say about the subject.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Lilupophilupop
Next Topic: [WSP] CALL FOR PAPERS [FREE]
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 23:02:05 GMT 2024

Total time taken to generate the page: 0.05027 seconds