为什么通过默默无闻来确保安全是个坏主意? [英] Why is security through obscurity a bad idea?

问题描述

我最近遇到了一个系统，其中所有数据库连接都由以各种方式隐藏的例程管理，包括 base 64 编码、md5sums 和各种其他技术.

I recently came across a system where all of the DB connections were managed by routines obscured in various ways, including base 64 encoding, md5sums and various other techniques.

为什么通过默默无闻来保证安全是个坏主意?

Why is security through obscurity a bad idea?

推荐答案

默默无闻的安全就是把钱埋在树下.唯一使它安全的事情是没有人知道它在那里.真正的安全是把它放在锁或密码后面，比如放在保险箱里.你可以把保险箱放在街角，因为它的安全在于除了你，没有人可以进去.

Security through obscurity would be burying your money under a tree. The only thing that makes it safe is no one knows it's there. Real security is putting it behind a lock or combination, say in a safe. You can put the safe on the street corner because what makes it secure is that no one can get inside it but you.

正如@ThomasPadron-McCarty 在下面的评论中提到的:

As mentioned by @ThomasPadron-McCarty below in a comment below:

如果有人发现了密码，您只需更改密码即可，这很简单.如果有人找到了位置，您需要挖出钱并将其转移到其他地方，这是更多的工作.如果您在程序中通过隐晦的方式使用安全性，您将不得不重写该程序.

If someone discovers the password, you can just change the password, which is easy. If someone finds the location, you need to dig up the money and move it somewhere else, which is much more work. And if you use security by obscurity in a program, you would have to rewrite the program.

这篇关于为什么通过默默无闻来确保安全是个坏主意?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！