Subject | Re: [IB-Architect] Fw: Mischievous SYSDBA |
---|---|
Author | Doug Chamberlin |
Post date | 2000-05-30T10:51:18Z |
At 5/30/00 06:01 AM (Tuesday), Paul Reeves wrote:
above comment says that if Interbase was to have an encryption scheme built
in which is not absolutely secure in that it can be broken with some effort
that it would be "useless". The next paragraph says that someone might
actually depend on this encryption and if they do they clearly will not
know what they are doing.
I say rubbish! We have all talked on and on about how "security through
obscurity is not really security". Ok, from a purist viewpoint it is not.
However, there is plenty of value in a security scheme based on obscurity.
They have protected many systems I have used for many years. Sure, they can
be cracked with a bit of effort but the point is to raise the bar so the
level of effort is more than the target audience will attempt. It works.
Now, doing this does not make me an idiot. I do it fully recognizing the
situation. it is a business decision just like all business decisions which
involve trade offs.
Several Interbase users have requested some type of encryption so that they
can have some type of security through obscurity because they find doing
nothing unacceptable. Jim's (and other's) response has been basically
"Well, you understand that you are not really getting full security,
right?" Their response to that has been "Yes, we understand but we need it
anyway!" There are no idiots here!
I fully support activating the mechanism for encrypting data in the GDB
files. If some developer then goes and places too much reliance on it,
thinking it is an absolutely secure mechanism, then that it their
responsibility. ALl we have is a documentation problem which points out the
shortcomings of the feature.
>I don't mind bright marketing ideas as long as they are obviously justSorry, folks, but I've had just about enough of this purist nonsense. The
>that. One
>requirement should be that a reasonable developer can evaluate such a
>'feature'
>in half an hour and discard it as useless.
>
>After all, some people will actually go away and try building a solution using
>it. Still, it might help in technical support - separate the idiots from those
>that know what they are doing. The 'walk and chew gum' test?
above comment says that if Interbase was to have an encryption scheme built
in which is not absolutely secure in that it can be broken with some effort
that it would be "useless". The next paragraph says that someone might
actually depend on this encryption and if they do they clearly will not
know what they are doing.
I say rubbish! We have all talked on and on about how "security through
obscurity is not really security". Ok, from a purist viewpoint it is not.
However, there is plenty of value in a security scheme based on obscurity.
They have protected many systems I have used for many years. Sure, they can
be cracked with a bit of effort but the point is to raise the bar so the
level of effort is more than the target audience will attempt. It works.
Now, doing this does not make me an idiot. I do it fully recognizing the
situation. it is a business decision just like all business decisions which
involve trade offs.
Several Interbase users have requested some type of encryption so that they
can have some type of security through obscurity because they find doing
nothing unacceptable. Jim's (and other's) response has been basically
"Well, you understand that you are not really getting full security,
right?" Their response to that has been "Yes, we understand but we need it
anyway!" There are no idiots here!
I fully support activating the mechanism for encrypting data in the GDB
files. If some developer then goes and places too much reliance on it,
thinking it is an absolutely secure mechanism, then that it their
responsibility. ALl we have is a documentation problem which points out the
shortcomings of the feature.