[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [mv] Userdb password security/ Security ?
****** message to minivend-users from Mike Heins <mike@minivend.com> ******
Quoting Gideon van Gelder (gideon@swingmaster.nl):
>
> Thank you for your great response, Mike.
>
> But I'm not using SQL: wouldn't it suffice for me
> to do what I already did: simply change the name of the
> userdb-table to one that can't be guessed, like a password
> isn't supposed to be guessed either?
> If the intruder doesn't know the database-name, and you're
> not using SQL, he can't find anything, or am I wrong ?
It might work in the short term, but security by obscurity is not the
best policy -- it is best to just fix the hole. 8-)
--
Mike Heins http://www.minivend.com/ ___
Internet Robotics |_ _|____
When the only tool you have is a 131 Willow Lane, Floor 2 | || _ \
hammer, all your problems tend to Oxford, OH 45056 | || |_) |
look like nails. <mikeh@minivend.com> |___| _ <
-- Abraham Maslow 513.523.7621 FAX 7501 |_| \_\
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
