Subject: Re: Policy clarification regarding catalogs
Newsgroups: lugnet.admin.general
Date: Sat, 18 Dec 1999 00:14:56 GMT
  
In lugnet.admin.general, Jasper Janssen writes:
> Yes, it is. Anything on an unsecured webserver is being published.

I don't agree.  (I see the point, but I don't think it's that simple.)  What
is security -- fundamentally?

A file served from under the URL

   http://www.foo.foo/images/blort.jpg

where the /images/ directory is HTTP-password-protected with the username
and password combo of "images"/"foo" is actually far less "secure" IMHO than
a "non-secured" file with an obscure _non-linked-to_ URL, for example

   http://www.foo.foo/images/z7jd8x9yri8jz2qtc6jzk2m8vz8.jpg

Security through obscurity may be a weak form of security, but it's still
security (i.e., the intended limitation of viewing).  In fact, any file on
any webserver that's not linked to from some normally-navigable public page
on that webserver is a file which I would call "secured" in some way or
another.  (Again, maybe security through obscurity, but if a file isn't
linked to, then clearly the intention is for it not to be seen.)

Which level/strength of security to use is dependent on how badly you don't
want the stuff to be seen, IMHO.

--Todd



Message has 3 Replies:
  Re: Policy clarification regarding catalogs
 
(...) What about <www.LEGO.com/topsecret> which when I found it last year had pre-release pics of the original SW sets that were coming out. There was a reference to this URL in a Mania Magazine (which published the URL) but there was no link to (...) (25 years ago, 18-Dec-99, to lugnet.admin.general)
  Re: Policy clarification regarding catalogs
 
(...) I don't think that's clear at all! It may be simply a matter of poor index design, or laziness. Luckily for my argument :) I have a great example of this already. <URL:(URL) is an intended-to-be-public website. Check out <URL:(URL): you won't (...) (25 years ago, 18-Dec-99, to lugnet.admin.general)
  Re: Policy clarification regarding catalogs
 
(...) Not necessarily. Does (URL) contain links to all the users /~user directories? In 90% of the cases, in my experience, not. Same for ISPs. So 90% of the web is not intended to be seen by your logic. Security through obscurity is no security at (...) (25 years ago, 18-Dec-99, to lugnet.admin.general)

Message is in Reply To:
  Re: Policy clarification regarding catalogs
 
(...) It is the same as posting the images. It has NOTHING AT ALL to do with posting links. (...) Yes, it is. Anything on an unsecured webserver is being published. That's what a webserver is FOR. Jasper (25 years ago, 17-Dec-99, to lugnet.admin.general)
