Why is security through obscurity a bad idea? [clo

2019-01-02 15:20发布

I recently came across a system where all of the DB connections were managed by routines obscured in various ways, including base 64 encoding, md5sums and various other techniques.

Is it just me, or is this overkill? What are the alternatives?

14条回答
孤独总比滥情好
2楼-- · 2019-01-02 16:04

One factor the ability to recover from a security breach. If someone discovers your password, just reset it. But if someone uncovers your obscure scheme, you're hosed.

查看更多
萌妹纸的霸气范
3楼-- · 2019-01-02 16:04

It is almost never a good idea. It is the same to say, is it a good idea to drive without seatbelt? Of course you can find some cases where it fits, but the anwser due to experience seems obvious.

查看更多
宁负流年不负卿
4楼-- · 2019-01-02 16:06

Using obscurity as all these people agree is not security, its buying yourself time. That said having a decent security system implemented then adding an extra layer of obscurity is still useful. Lets say tomorrow someone finds an unbeatable crack/hole in the ssh service that can't be patched immediately.

As a rule I've implemented in house... all public facing servers expose only the ports needed ( http/https ) and nothing more. One public facing server then will have ssh exposed to the internet at some obscure high numbered port and a port scanning trigger setup to block any IP's that try to find it.

Obscurity has its place in the world of security, but not as the first and last line of defense. In the example above, I don't get any script/bot attacks on ssh because they don't want to spend the time searching for a non-standard ssh service port and if they do, their unlikely to find it before another layer of security steps in and cuts them off.

查看更多
栀子花@的思念
5楼-- · 2019-01-02 16:06

Weak encryption will only deter the least motivated hackers, so it isn't valueless, it just isn't very valuable, especially when strong encryption, like AES, is available.

Security through obscurity is based on the assumption that you are smart and your users are stupid. If that assumption is based on arrogance, and not empirical data, then your users- and hackers-- will determine how to invoke the hidden method, bring up the unlinked page, decompile and extract the plain text password from the .dll, etc.

That said, providing comprehensive meta-data to users is not a good idea, and obscuring is perfectly valid technique as long as you back it up with encryption, authorization, authentication and all those other principles of security.

查看更多
笑指拈花
6楼-- · 2019-01-02 16:07

The one point I have to add which hasn't been touched on yet is the incredible ability of the internet to smash security through obscurity.

As has been shown time and time again, if your only defense is that "nobody knows the back door/bug/exploit is there", then all it takes is for one person to stumble across it and, within minutes, hundreds of people will know. The next day, pretty much everyone who wants to know, will. Ouch.

查看更多
荒废的爱情
7楼-- · 2019-01-02 16:08

If the OS is Windows, look at using the Data Protection API (DPAPI). It is not security by obscurity, and is a good way to store login credentials for an unattended process. As pretty much everyone is saying here, security through obscurity doesn't give you much protection.

http://msdn.microsoft.com/en-us/library/ms995355.aspx

http://msdn.microsoft.com/en-us/library/ms998280.aspx

查看更多
登录 后发表回答