this post was submitted on 04 May 2026
12 points (68.8% liked)

Technology

85392 readers
4188 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
12
Security Through Obscurity Is NOT Bad - Mo Beigi (mobeigi.com)
submitted 1 month ago by elonmuskszahnbuerste@feddit.org to c/technology@lemmy.world
9 comments fedilink hide all child comments
top 9 comments
sorted by: hot top controversial new old
[–] kyub@discuss.tchncs.de 40 points 1 month ago (1 children)

After you've already established security, you can add obscurity (without compromising security) on top for an even bigger gain in security overall. But you can't do obscurity in place of security.

[–] pipe01@programming.dev 6 points 1 month ago

Yes, that's what the article says

[–] Shayeta@feddit.org 17 points 1 month ago (1 children)

Security through obscurity is a good thing to have, but a bad thing to rely on.

[–] gian@lemmy.grys.it 3 points 1 month ago

/s Technically speaking you rely on it any time you set a password, just saying...

[–] Zwuzelmaus@feddit.org 8 points 1 month ago (1 children)

Always apply your ROT13 twice to make it stronger!

[–] BennyInc@feddit.org 2 points 1 month ago (1 children)

That’s rookie numbers. You gotta pump those up. Go for 2048 times ROT13, or optimize by going 1024 times ROT26. Fully optimized, 512 times ROT52 is the best.

[–] Zwuzelmaus@feddit.org 1 points 1 month ago

Hm. I'm not sure. Which AI has told you that?

[–] phutatorius@lemmy.zip 3 points 1 month ago

It adds nothing and takes effort.

Seems bad to me.

[–] MimicJar@lemmy.world 1 points 1 month ago

I'm not a SQL wizard and I'm typing from my phone but couldn't you just do something like,

select name from sys.tables where name like 'wp%users'

To get the table of WordPress users, then do whatever bad things you want to it?

I get that that's an extra step, and I suppose in the example even though "best practice" is to add random characters, if everyone knows that, then best practice for bad people scripts would probably be to add an extra query.

But my real point is more about adding obfuscation for your developers and server owners. If you're making their jobs harder for no benefit, is it a good change?

I also wonder about adding obfuscation and it causing issues when debugging.

I think adding obfuscation is fine, but it's important to be careful when it comes to your developers and debugging.