[thesite] UEUE v.0.2 Update

.jeff jeff at members.evolt.org
Mon Nov 5 21:00:57 CST 2001


matt,

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: Warden, Matt
>
> > How far off is UEUE though?
>
> Why does that matter?
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

it's called assessing the risk-factor.  if it's a couple of days away then
it's not worth the effort to plug the existing security hole.  if it's a
couple of months, then we should probably do something about the existing
problem.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> > I don't see the problem in throwing the password onto
> > the database temporarily to reduce the risk somewhat.
>
> Well shit... why don't we take the datasource name, do
> a bunch of funky shit with it like start out with a
> numerical value, multiply it by another numerical value,
> and then convert each into a character so it takes
> someone a good 10 minutes to figure out what it is?
>
> security by obscurity!
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

dude.  now you're just being an immature twit.  isaac is *not* suggesting
security by obscurity.  he's simply saying that a username and password on
the live datasource would keep people from doing "bad things", which it
will.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> whatever. the people on thesite are the only ones who
> know about this anyways. so, if you're one for security
> by obscurity...
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

again, this is *not* security by obscurity.  if that was what we were after
we'd simply create a goofy datasource name.  this is real security that
requires an amount of specific knowledge.

besides, don't assume that only thesite knows about this.  i seem to recall
you not being willing to talk about existing security holes on m.e.o. before
because the archives were not only public, but indexed by search engines.

i'm not going to sit here and argue with you about it, i have *much* more
important things to take care of (more news later).

thanks,

.jeff

http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/





