A security anti-pattern in which secure information is "protected" by making it "hard to find" in the mistaken belief that it is then secure. It is the approximate equivalent of hiding the front door key under the mat.
Questions tagged [security-by-obscurity]
35 questions
1
vote
2 answers
How to obscure Wordpress?
I am running a site using Wordpress as CMS System.
Now I don't want anyone to know that this site is powered by Wordpress in the background.
Is there any easy way to completely obscure Wordpress?
The first thing I want to do is:
- Rename…
norwald2
- 131
- 1
- 4
1
vote
4 answers
Security by obscurity: what about URLs?
first of all, the question from a naive point of view:
I've got a WebApplication with a URL to a product like Products?id=123. Let's say I've got an administration page reachable from Products?id=123&editable=true.
If I consider that no one will…
Kevin
- 4,618
- 3
- 38
- 61
1
vote
1 answer
How Safe is an Obscure File Download Link?
Here's what I'm trying to do:
I want to distribute my Vcard (.vcf) file by hosting it on my personal website (this part is a rigid requirement). People will access it from a QR code on my business card, however, no links to the file will exist on…
Christian
- 41
- 1
- 3
1
vote
1 answer
Obfuscation of URLs - rails
I'm working on a project that's left me stumped, hoping someone out there might have some interesting input. I see there are several gems available for obfuscation of urls, but they seem to stop at the slug level instead of the controller level -…
PSCampbell
- 858
- 9
- 27
1
vote
8 answers
I want to use security through obscurity for the admin interface of a simple website. Can it be a problem?
For the sake of simplicity I want to use admin links like this for a site:
http://sitename.com/somegibberish.php?othergibberish=...
So the actual URL and the parameter would be some completely random string which only I would know.
I know security…
tom
1
vote
1 answer
OAuth Javascript: twitter, security through obscurity? Have a better approach?
Background
Lets say I want to use twitter's javascript api.
The twitter javascript api says
Be cautious when using JavaScript with OAuth. Don't expose your keys [1].
It sounds like using javascript with OAuth is insecure [2]. Not due to network…
coder
- 1,274
- 1
- 13
- 19
0
votes
2 answers
What techniques are available to obscure shader assets?
I have a number of shaders in my games and apps, I currently use a simple program I made to take the shaders and generate a java class which puts the text into a StringBuilder, one char at a time, so text searching won't find anything if someone…
weston
- 54,145
- 21
- 145
- 203
0
votes
0 answers
Image Privacy: Base64 or Privacy Through Obscurity
I'm trying to find an answer to a dilemma and I'd like some suggestions.
Type of app: a web app using Ruby on Rails.
Issue: product owner wants to minimize access to images for privacy reasons.
Considerations:
Images can be full photos, and are…
Carnigian
- 3
- 4
0
votes
1 answer
Is there a way to obscure the activities with Proguard in Android?
I know that Proguard does not obscure the names of the activities that are declared in the manifest.xml. Is there anyway a way to obscure them?
a.sarto
- 73
- 4
- 12
0
votes
2 answers
Drawing parts of a Blob to html canvas without data urls in Javascript
I'm testing something out using a webapp where users can see a few pieces of an image but not all of it at once. The whole data is sent down to the client and decrypted client-side. That data is then in base64 so I simply use:
img.src =…
Toby
- 226
- 1
- 11
0
votes
4 answers
Rearranging characters in a 15-digit string with the ability to revert to the original string
I have numerous 15-digit numbers. I need to rearrange the digits in each string based on a set order to hide the composite identifiers. For example: convert 123456789123456 to 223134897616545
The method I am thinking of is:
Extract each digit using…
FBP
- 345
- 3
- 15
0
votes
1 answer
Non-accessible configuration design
Due to design constrains the project I am currently working on won't allow us to write certain set of configuration parameters in plain text file such as properties files (mainly due to security constrains).
Is there any way to conceal this…
jfzr
- 374
- 4
- 17
0
votes
1 answer
Numerical Obscurification
Similar to this question in C#: User ID obfuscation
I'm looking for a solution in VBA to obscure a long value through an encoding method and also I would need to be able to decode the number produced as well.
Gareth
- 5,140
- 5
- 42
- 73
0
votes
1 answer
What's the optimal method to obscure String(Java - Serialization)
What's the optimal method to obscure String
For learning purposes I've decided to dig in a bit more into Java Serialization, most of it is fine. However I've been coming across this weird issue when trying to apply simple obscuring to String…
Juxhin
- 5,068
- 8
- 29
- 55
0
votes
0 answers
Database security encoding
I want to ask you if there are (in practice) techniques for encoding a database in such a way, that table names are arbitrary and fields are encoded(not encrypted) in some way.
For example consider a class MVC in which model is devided in "low" and…
user1328370
- 401
- 1
- 3
- 6