Never Depend on Security Through Obscurity

This phrase has become common lore, but unfortunately the meaning behind it is not as commonly understood. Security through obscurity is the name given to any security method whose strength relies on a secret that stays secret only by chance, rather than by design. For example, if you had a secret URL that only privileged people knew about, and you relied on its secrecy as part of the security, that would be security through obscurity.

Another common example is a weak cryptographic algorithm that is kept secret in an attempt to strengthen its security. As many cryptanalysts will stress, peer review is essential for ensuring the strength of cryptographic algorithms. One of the most ...