Error messages

Sep. 7th, 2006 10:38 am
hugme: (Default)
[personal profile] hugme
I have a software package I am trying to set up at work... here is a quote I found on a mailing list from they guy who wrote it:

"...is deliberately obtuse error so that potential hackers will not know why the failure occurred"

because obscurity is security!! right? right?

...sigh...
  • Add Memory
  • Share This Entry
Threaded | Top-Level Comments Only

Date: 2006-09-08 03:38 am (UTC)
From: [identity profile] techno--mage.livejournal.com
it would be better not to show an error at all, ...just as useful

Date: 2006-09-15 01:33 am (UTC)
From: [identity profile] techaholic.livejournal.com
I believe the nature of the statement is akin to saying "login failure" as opposed to "bad password" or "bad username"

the level of vagueness of the failure message is to help slow down the unraveling of the login puzzle.

It's a small but useful thing.
I've seen your login failure messages. you already practice this security through obscurity method. there is nothing inherently wrong with it as long as it is not meant as a substitute for better security.


$0.02


Robert

Date: 2006-11-19 07:56 pm (UTC)
From: [identity profile] karazorel.livejournal.com
I love the message "An error has occur" [OK] ;)

It secures my total distate of the program ;)
  • Add Memory
  • Share This Entry
Threaded | Top-Level Comments Only

Profile

hugme: (Default)
hugme

April 2011

S M T W T F S
     12
3456789
10111213141516
17 181920212223
24252627282930

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Apr. 8th, 2026 04:29 pm
Powered by Dreamwidth Studios