16
I missed the name of this technique in which the person responsible for development rather than dealing with the problem simply hides it.
Example: I have a button that when clicked causes a DROP TABLE to occur in my database. I know that but instead of fixing the problem, I just hide the button so that no one click. However, anyone with knowledge can circumvent this my "solution".
What is the name of this technique?
17
The original term is Security through obscurity or security by obscurantism, in Portuguese.
Contrary to what some preach, it is a very effective technique. It is something extremely used inside and outside computing. The problem begins to exist when she is the only safety technique. Consider it as an extra layer of security.
Invest in something that isn’t popular, something that only you know how it works, and the chances of you being successfully attacked are greatly reduced. You’d need to be a very desirable target for someone to go to all the trouble of trying to figure out your security flaws. It’s much easier to discover the security flaws of something popular, that everyone uses, that anyone can know how it works.
You just can’t think that a basic little hide-and-seek will help anything. There are good and bad ways to do this.
There are many "experts" in security but lack specialists in risk management.
A curious case having the question in a system promoted by the White House. No one questions that her physical safety is also due in part because no one knows how it works. remember that Bushinho appeared without anyone knowing to celebrate the "victory against Iraq"? It was not disclosed before because it was safer so.
Developer has a habit of being more real than royalty (we need more pragmatic and less ideological professionals). Obscurity is a valid technique if not the only one.
The example of the question does not seem to be obscurantism. It seems even gap :)
Browser other questions tagged security-guard
You are not signed in. Login or sign up in order to post.
The name is "bad technique" hehehe. + 1 for having added in the question itself that this is in fact not a safety technique but an "anti-technical" that cannot be considered in any way as some kind of protection (although many people consider - and suffer the consequences). When this "technique" is used and defrauded (it is always defrauded if there is interest), besides compromising the information compromises the moral of the professional (naive) who implemented it.
– Caffé
I think the answer I would write would evade the question and eventually not be suitable for the OS format. Perhaps it is better to leave only the comment even to reinforce the ineffectiveness of this technique.
– Caffé