Re: Small Bug

To: nisse@lysator.liu.se (Niels Mvller)
Cc: guy@interlog.com, Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>, dallen@capitalone.com, debian-hurd@lists.debian.org
Subject: Re: Small Bug
From: tb@MIT.EDU (Thomas Bushnell, BSG)
Date: 06 Mar 2000 23:21:15 -0500
Message-id: <[🔎] u1hu2ij4dhg.fsf@jiffy-express.mit.edu>
In-reply-to: nisse@lysator.liu.se's message of "05 Mar 2000 19:43:31 +0100"
References: <[🔎] Pine.LNX.3.96.1000305093501.18968A-100000@hal.dms.sni.ca> <[🔎] nng0u5qmuk.fsf@sture.lysator.liu.se>

nisse@lysator.liu.se (Niels Mvller) writes:

> "Guy's Account" <guy@interlog.com> writes:
> 
> > This is not security by obscurity.  It is long-established practice.
> 
> It might well be "long-established practice". But I still agree with
> Marcus that it (usually) is security by obscurity.

It's also not established practice any longer.  Kerberos freely tells
clients the difference between no-such-user and incorrect-password,
and the mail system and ftp and many other programs do the same.  So
it's no longer meaningful for the login system to bother with it.

Reply to:

References:
- Re: Small Bug
  - From: "Guy's Account" <guy@interlog.com>
- Re: Small Bug
  - From: nisse@lysator.liu.se (Niels Möller)

Prev by Date: Unidentified subject!
Next by Date: RE: GNU 2000/03/01 uploaded
Previous by thread: Re: Small Bug
Next by thread: Re: Small Bug
Index(es):
- Date
- Thread