Re: Small Bug
On Sat, 26 Feb 2000, Marcus Brinkmann wrote:
> On Thu, Feb 24, 2000 at 04:25:25PM -0500, dallen@capitalone.com wrote:
> >
> > It does make more sense though that you should give the possible
> > attacker as little information about the system as you can.
>
> In general, security through obscurity is not sufficient as a protection
> strategy.
Marcus.
This is not security by obscurity. It is long-established practice.
>
> The user login name is often very exposed, for example in email addresses,
> log files etc. If you already have an account, you can usually just list
> /home to get all user names of a system.
But the problem pointed out allows an attacker *without* an account to gain
information.
<snip>
----
Guy W. Hulbert At Work:
guy@interlog.com guy@bioinfo.sickkids.on.ca