On Fri, Jun 3, 2011 at 8:29 AM, Darien Caldwell <darien.caldw...@gmail.com>wrote:
> > On Jun 2, 7:54 am, J C <ciho...@gmail.com> wrote: > > "Security through obscurity" is really the only way? > > You make it sound like a bad thing. All security is through obscurity. > Even RSA encryption is only as good as not knowing the key to decode > it. Whoever started that "Security through Obscurity is no security > at all" meme did a whole generation a bad service. > I think you misunderstand the intended meaning of security through obscurity. The term is used to refer to situations in which security is dependent on the attacker not being aware of certain implementation details such as the cipher being used. In the history of cryptography, keyed ciphers were specifically designed to avoid this issue, restricting the need for secrecy to certain well defined bits of information (the key). In general, if information disclosure requires you to redesign part of your system, you're practicing security through obscurity. http://en.wikipedia.org/wiki/Security_through_obscurity -Nick Johnson > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to google-appengine@googlegroups.com. > To unsubscribe from this group, send email to > google-appengine+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- Nick Johnson, Developer Programs Engineer, App Engine -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
