
Re: The sky is falling! XML's dirty secret! Go back! It's a

  • To: xml-dev@l...
  • Subject: Re: The sky is falling! XML's dirty secret! Go back! It's a trap!
  • From: Paul Prescod <paul@p...>
  • Date: Sun, 02 Jun 2002 12:49:30 -0700
  • References: <001801c20882$cc602960$6401a8c0@pcukmka>

Michael Kay wrote:
> 
>....
> 
> Actually, I have for a long time been a heretic on this. My
> grandmother's jewellery survived for five years in a house requisitioned
> by the military by being hidden under a loose floorboard; I doubt it
> would have survived if it had been in a locked cupboard. Hiding your
> valuable data works well, providing no-one is making a determined effort
> to find it. The risk of your car being stolen depends much more on where
> you leave it than on whether it is locked. I therefore have some
> sympathy with the author of this article, even though he is ignorant and
> should not be writing about security.

I agree. Security through obscurity is never as good as security through
cryptography but it is better than nothing and can also be used as a
backup, in case security through cryptography fails (e.g. a buffer
overflow in your cryptography software!). For instance, if there turns
out to be a security hole in your sshd, then you might be happy that you
didn't post the IP address for your vulnerable system on the web.

Passwords are security through obscurity (which is why they cause so
many problems). It would probably be too expensive to live in a world
where we replace passwords with cryptographically secure 128-bit hashes.
And the hashes are themselves only useful because they are obscure!

This stuff is always a matter of costs and benefits. The benefits of
hiding the names of tags are tiny and there is the chance that the
software you install to do that would introduce its own security holes.
Plus, given limited budgets, you could spend your effort on something
more likely to produce benefits, like reading CERT advisories or
tightening the firewall or learning a more secure programming language
or...

 Paul Prescod
