[jboss-user] [JBoss Seam] - Re: Multiple Domain Question
fhh
do-not-reply at jboss.com
Sat Apr 7 09:18:57 EDT 2007
anonymous wrote:
| I have been thinking for some time about how best to do this too, and I really think this is useful, not "security by obscurity", because people won't start to fiddle with something if they don't know it's there.
|
Sorry, but this is the definition of security by obscurity. Access to restricted pages should be secure, especially if people start "fiddling" with them.
I'm not sure if you are aware of the fact that the hostname I use to reach your machine is entirely under my control. I can just add whatever I want to my /etc/hosts and I will see those pages.
And once you are using this as a security mechanism you will accidentally rely on it, because after a test on your setup it "looks" secure.
So, in my opinion, your security approach is like aiming the loaded shotgun at your foot and taking the safety off. You only have to wait a bit before it goes off.
Regards
Felix
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4035515#4035515
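Felix's point, as an added example that is not code from the original thread or from JBoss Seam: the hostname a request "arrived on" is just the Host header the client sent, so a page restriction keyed on it passes whatever the attacker types (via /etc/hosts or `curl -H 'Host: ...'`), while a check against a server-side session and role does not. The vhost name `admin.internal.example`, the `JSESSIONID` session store and the `admin` role are assumptions for illustration, and the two raw requests are constructed, not captured traffic.

```python
"""Hostname-based page restriction versus a real authorization check.

Added example; not code from the original post or from JBoss Seam.
The hostnames, the session dict and the role names are assumptions.
"""

INTERNAL_HOSTS = {"admin.internal.example"}  # assumed "hidden" vhost name


def parse_request(raw: bytes) -> dict:
    """Parse the request line and headers of a raw HTTP/1.1 request.

    Returns a dict with 'method', 'path' and a dict of lower-cased headers.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers}


def host_based_allows(request: dict) -> bool:
    """The approach criticised in the post: show restricted pages only when
    the request came in on the 'internal' hostname. The Host header is sent
    by the client, so the client decides the outcome."""
    host = request["headers"].get("host", "").split(":")[0].lower()
    return host in INTERNAL_HOSTS


def role_based_allows(request: dict, sessions: dict) -> bool:
    """Server-side check: the session cookie must map to a session the
    server created at login and that session must carry the required role.
    Nothing here depends on which hostname the client used."""
    cookie = request["headers"].get("cookie", "")
    session_id = None
    for part in cookie.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "JSESSIONID":
            session_id = value
    session = sessions.get(session_id)
    return session is not None and "admin" in session.get("roles", ())


# Constructed sample traffic (not captured from any real system).
# 1) An attacker who added the "hidden" name to /etc/hosts, or who simply
#    sets the header by hand:
#    curl -H 'Host: admin.internal.example' http://203.0.113.10/admin/users.seam
FORGED_HOST_REQUEST = (
    b"GET /admin/users.seam HTTP/1.1\r\n"
    b"Host: admin.internal.example\r\n"
    b"User-Agent: curl/7.x\r\n"
    b"\r\n"
)
# 2) A legitimate administrator on the public hostname, holding a session
#    the server issued at login.
ADMIN_REQUEST = (
    b"GET /admin/users.seam HTTP/1.1\r\n"
    b"Host: www.example\r\n"
    b"Cookie: JSESSIONID=a1b2c3\r\n"
    b"\r\n"
)
SESSIONS = {"a1b2c3": {"user": "felix", "roles": ("admin",)}}  # assumed store


def evaluate(raw: bytes, sessions: dict = SESSIONS) -> dict:
    """Return both verdicts for one raw request so they can be compared."""
    req = parse_request(raw)
    return {
        "path": req["path"],
        "host_check": host_based_allows(req),
        "role_check": role_based_allows(req, sessions),
    }


if __name__ == "__main__":
    for label, raw in (("forged host", FORGED_HOST_REQUEST),
                       ("admin session", ADMIN_REQUEST)):
        print(label, evaluate(raw))
```

Running it shows the hostname check admitting the forged request and rejecting the real administrator, while the session/role check does the opposite; any authorization decision that the client can flip by editing a header or a hosts file is not a control.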