
re: Thoughts on "Security Through Obscurity"


I do not get why people still think "security through obscurity (STO)" is a good idea in any form. As a developer, over the years I have seen and identified many STO instances; things people thought they got away with or they thought they were smart by implementing (including junior me).

The problem is they are not as obscure as everyone thinks; especially because so many people do it. All you are doing is shifting the problem to a different location.

STO is basically the dev equivalent of the delivery woman or man hiding your box under a rug.

One last thought, I really urge people not to do STO. We are in 2018, we have ways and means of protecting data and access to systems. If you are smart enough to obfuscate, there will be someone else smarter to figure it out.

Really hidden
