Changes between Initial Version and Version 1 of Ticket #31787, comment 13
- Timestamp:
- 03/27/2015 05:39:45 PM (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #31787, comment 13
initial v1 1 For the sake of argument, let's say we change the error message to say something else. It would take any decent bot an extremely negligible amount of time to determine username from either the urls as @mark mentionedor the use of an enumeration tool, or any of the other ways usernames are available. I do think that security through obscurity is helpful in some areas, but this change wouldn't slow down anyone with malicious intent.1 For the sake of argument, let's say we change the error message to say something else. It would take any decent bot an extremely negligible amount of time to determine usernames from either the urls, as @mark mentioned, or the use of an enumeration tool, or any of the other ways usernames are available. I do think that security through obscurity is helpful in some areas, but this change wouldn't slow down anyone with malicious intent.