anonymous wrote :
| I was thinking about how to do this best too for some time and I really think this is
useful, not "security by obscurity", because people won't start to fiddle with
something if they don't know it's there.
|
Sorry, but this is the definition of security by obscurity. Access to restricted pages
should be secure especially if people start "fiddling" with them.
I'm not sure if you are aware of the fact that the hostname I use to reach your
machine is entirely under my control. I can just add whatever I want to my /etc/hosts and
I will see those pages.
And once you are using this as a security mechanism you will accidentally rely on this
because after a test on your setup it "looks" secure.
So in my opinion your security approach is like aiming the loaded shotgun at your foot
and taking the safety off. You only have to wait a bit before it goes off.
Regards
Felix
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4035515#...
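
Added example, not part of the original post or of any JBoss code: a small Python sketch of the point above that the hostname a client sends is under the client's control. It assumes the restriction being discussed is a check on the requested hostname; `ADMIN_HOST`, the credentials and the `/weak` and `/strong` paths are constructed for illustration.

```python
import base64, hmac, threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

ADMIN_HOST = "admin.internal.example"        # constructed "unadvertised" hostname
CREDENTIALS = b"admin:constructed-password"  # constructed user:password pair

def host_only_allows(headers):
    """Weak check: trusts the Host header, which the client chooses."""
    return headers.get("Host", "").split(":")[0].lower() == ADMIN_HOST

def credentials_allow(headers):
    """Check that still holds once the hostname is known: HTTP Basic credentials."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    try:
        supplied = base64.b64decode(blob, validate=True)
    except ValueError:
        return False
    return scheme == "Basic" and hmac.compare_digest(supplied, CREDENTIALS)

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        check = host_only_allows if self.path == "/weak" else credentials_allow
        self.send_response(200 if check(self.headers) else 403)
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def status(port, path, host, auth=None):
    headers = {"Host": host}
    if auth:
        headers["Authorization"] = "Basic " + base64.b64encode(auth).decode()
    conn = HTTPConnection("127.0.0.1", port, timeout=5)  # TCP target and Host are independent
    conn.request("GET", path, headers=headers)
    code = conn.getresponse().status
    conn.close()
    return code

def demo():
    with ThreadingHTTPServer(("127.0.0.1", 0), Handler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_address[1]
        try:
            return [status(port, "/weak", "www.example"),
                    status(port, "/weak", ADMIN_HOST),
                    status(port, "/strong", ADMIN_HOST),
                    status(port, "/strong", ADMIN_HOST, CREDENTIALS)]
        finally:
            server.shutdown()
```

The first two results show why a test of the hostname check "looks" secure: the ordinary name is refused, yet the same server answers as soon as the client sends the other name.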