为什么通过晦涩的安全是一个坏主意？ [英] Why is security through obscurity a bad idea?

问题描述

我最近遇到了一个系统，其中所有的DB连接都是以各种方式模糊的例程进行管理的，包括基本64编码，md5sums和各种其他技术。

这只是我吗，还是这个过度的杀戮？什么是替代方案？

解决方案

通过晦涩的安全将把你的钱埋在一棵树下。唯一可以使它安全的事情就是没有人知道它在那里。真正的安全是把它放在一个锁或组合，说在一个安全。

如上所述，您可以将安全套放在街角，因为安全可靠，是没有人可以进入， @ ThomasPadron-McCarty在下面的评论中：

如果有人发现密码，您只需更改密码即可。如果有人找到位置，你需要挖掘钱，并将其移动到别的地方，这是更多的工作。如果您在程序中使用安全性，则必须重写程序。

I recently came across a system where all of the DB connections were managed by routines obscured in various ways, including base 64 encoding, md5sums and various other techniques.

Is it just me, or is this overkill? What are the alternatives?

解决方案

Security through obscurity would be burying your money under a tree. The only thing that makes it safe is no one knows it's there. Real security is putting it behind a lock or combination, say in a safe. You can put the safe on the street corner because what makes it secure is that no one can get inside it but you.

As mentioned by @ThomasPadron-McCarty below in a comment below:

If someone discovers the password, you can just change the password, which is easy. If someone finds the location, you need to dig up the money and move it somewhere else, which is much more work. And if you use security by obscurity in a program, you would have to rewrite the program.

这篇关于为什么通过晦涩的安全是一个坏主意？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！