On Mon, Jul 11, 2005 at 09:27:19AM -0700, Josh Berkus wrote:
> David,
>
> > That some "larger organizations" choose to use the known-unsafe
> > method of security by obscurity is not a reason for anybody here
> > to expend any effort helping them persist in this illusion: quite
> > the opposite, in fact. "Larger organizations" are likely to have
> > security needs which they actually need to address, not to pretend
> > they've addressed while actually making things easy for attackers.
>
> Hmmm, I agree with Merlin, I think. It would be nice if users who
> didn't have permission to EXECUTE functions couldn't view their
> code, either.
Why?
> This would probably carry a performance penalty, though.
> Users with EXECUTE permission not being able to see code just isn't
> practical; we support too many interpreted languages. If this is a
> concern, use C functions and compile binaries. That's secure.
With all due respect, it's not even *close* to secure. There are
plenty of tools out there that allow a person to de-compile a shared
library. A lot of people have learned the hard way over the decades
that any security measure that depends on the attacker's not knowing
the implementation details is fragile, often disastrously so, e.g. the
Enigma machine & friends.
There is no good reason for us to help perpetuate the myth of security
by obscurity, and plenty of good reasons for us *not* to do so.
Cheers,
D
--
David Fetter david@fetter.org http://fetter.org/
phone: +1 510 893 6100 mobile: +1 415 235 3778
Remember to vote!