security-by-obscurity | 易学教程

Obfuscation of URLs - rails

阅读更多关于 Obfuscation of URLs - rails

问题 I'm working on a project that's left me stumped, hoping someone out there might have some interesting input. I see there are several gems available for obfuscation of urls, but they seem to stop at the slug level instead of the controller level - i.e. www.foo.com/mycontroller/8sZ16lp. I'm looking for a method to produce something along the lines of www.foo.com/8asd31Ud, dropping the controller name. I checked the docs of the obsufacate_id gem, but it doesn't appear to go that far. To give

Is using a GUID security though obscurity?

阅读更多关于 Is using a GUID security though obscurity?

问题 If you use a GUID as a password for a publicly facing application as a means to gain access to a service, is this security through obscurity? I think the obvious answer is yes, but the level of security seems very high to me since the chances of guessing a GUID is very very low correct? Update The GUID will be stored in a device, when plugged in, will send over the GUID via SSL connection. Maybe I could generate a GUID, then do a AES 128 bit encrption on the GUID and store that value on the

The best approach to scramble CSS definitions to a human-unreadable state throughout an ASP.NET application

阅读更多关于 The best approach to scramble CSS definitions to a human-unreadable state throughout an ASP.NET application

问题 I'm not sure if it will bring anything beyond saving on traffic through the removal of long-worded names, but I would definitely want to hide my system of namings, declarations and their organization. The thing is that manual Find&Replace is going to take a very long time, and each slight modification could probably require the process to be redone in part or in whole. Has anyone thought of this problem? Maybe write a macros? Will it be intelligent enough to be able to discover names in a CSS

Is there any JS library to obscure string manipulation?

阅读更多关于 Is there any JS library to obscure string manipulation?

问题 I'd like to make the string manipulation as obscured as possible. Now I wrote a small function made HEX string from the original string (the length of the result is twice as the length of the original). But even after the uglification the code is too simple to be understood by the hacker. Is there any library which will convert the string to is self (= will not made any changes or made minor changes to the original) with very obscured code? 回答1: May be these tools might help you: Javascript

Isn't a password a form of security through obscurity?

阅读更多关于 Isn't a password a form of security through obscurity?

问题 I know that security through obscurity is frowned upon and considered not really secure, but isn't a password security through obscurity? It's only secure so long as no one finds it. Is it just a matter of the level of obscurity? (i.e. a good password well salted and hashed is impractical to break) Note I'm not asking about the process of saving passwords (Assume they are properly hashed and salted). I'm asking about the whole idea using a password, which is a piece of information, which if

Is using a GUID security though obscurity?

阅读更多关于 Is using a GUID security though obscurity?

If you use a GUID as a password for a publicly facing application as a means to gain access to a service, is this security through obscurity? I think the obvious answer is yes, but the level of security seems very high to me since the chances of guessing a GUID is very very low correct? Update The GUID will be stored in a device, when plugged in, will send over the GUID via SSL connection. Maybe I could generate a GUID, then do a AES 128 bit encrption on the GUID and store that value on the device? In my opinion, the answer is no. If you set a password to be a newly created GUID, then it is a

Why is security through obscurity a bad idea? [closed]

阅读更多关于 Why is security through obscurity a bad idea? [closed]

I recently came across a system where all of the DB connections were managed by routines obscured in various ways, including base 64 encoding, md5sums and various other techniques. Is it just me, or is this overkill? What are the alternatives? Rex M Security through obscurity would be burying your money under a tree. The only thing that makes it safe is no one knows it's there. Real security is putting it behind a lock or combination, say in a safe. You can put the safe on the street corner because what makes it secure is that no one can get inside it but you . As mentioned by @ThomasPadron

Why is security through obscurity a bad idea? [closed]

阅读更多关于 Why is security through obscurity a bad idea? [closed]

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 7 years ago . I recently came across a system where all of the DB connections were managed by routines obscured in various ways, including base 64 encoding, md5sums and various other techniques. Is it just me, or is this overkill? What are the alternatives? 回答1: Security through obscurity would be burying your money under a

Encrypting/Hashing plain text passwords in database

阅读更多关于 Encrypting/Hashing plain text passwords in database

问题 I\'ve inherited a web app that I\'ve just discovered stores over 300,000 usernames/passwords in plain text in a SQL Server database. I realize that this is a Very Bad Thing™. Knowing that I\'ll have to update the login and password update processes to encrypt/decrypt, and with the smallest impact on the rest of the system, what would you recommend as the best way to remove the plain text passwords from the database? Any help is appreciated. Edit: Sorry if I was unclear, I meant to ask what