extreme newbie

Steven D'Aprano steve at REMOVETHIScyber.com.au
Sat Jun 18 10:27:01 EDT 2005


On Sat, 18 Jun 2005 15:00:02 +0200, Renato Ramonda wrote:

> cpunerd4 wrote:
>> Thanks all for the advice. The reason I was thinking about using Java
>> (or C or something) was that it is a little more secure than
>> distributing the source code, isn't it?
> 
> As in "protecting your code from prying eyes"?

Code isn't damaged by prying eyes, so why does it need to be protected?

I don't know what cpunerd4 (or whatever she, or he, prefers to be
called) means by "more secure". But to me, "secure" means "there are no
security holes or bugs with security implications in my software".

Hiding the source code does not make software more secure. Any bugs and
security holes will be there whether the software is distributed in source
code, object code, or something in between.

Anybody who thinks that hiding the source code makes their programs more
secure is in for a rude shock. The basic premise of security by obscurity
is that you try to ensure security by hiding certain facts about the
software or algorithm from regular users, hoping that nobody will find out
what those facts are. This is equivalent to putting an unlocked door in
your house, then draping some branches over it, trusting that the burglars
won't see the secret door and gain access to your house.

Anybody who doesn't understand why keeping source code secret does not
increase security should google for "security by obscurity".



-- 
Steve.




