Timeline for Is a website published in an obscure directory comparably secure to being placed behind a login?
Current License: CC BY-SA 3.0
12 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 16, 2020 at 9:49 | history | edited | CommunityBot | Commonmark migration | |
| May 14, 2015 at 15:25 | comment | added | Gilles 'SO- stop being evil' | @HagenvonEitzen Do people still use basic HTTP authentication these days? | |
| May 14, 2015 at 15:22 | comment | added | Hagen von Eitzen | But what if the password is in fact leaked in a search engine friendly way, such as a link to username:[email protected]/secretpage.html ? | |
| May 13, 2015 at 2:44 | comment | added | CodeMoose | @Gilles thanks also for the excellent answer, learned a lot of unexpected things in this process. | |
| May 13, 2015 at 2:39 | comment | added | CodeMoose | @SteveDL That might be correct - I thought I had a solid grasp on the question, but it looks like it's more nuanced than I thought. Thanks for bearing with me! | |
| May 12, 2015 at 23:06 | comment | added | Steve Dodier-Lazaro | @CodeMoose I think you were expecting a high-level comment on the design of your security requirement, but you asked the question in implementation terms, hence you attracted implementation-level replies. Is that correct? | |
| May 12, 2015 at 22:37 | comment | added | Gilles 'SO- stop being evil' | @CodeMoose I really struggle to understand your comment. My answer is pretty much only “here's the x, y, z factors you haven't considered”, and I nowhere say anything like “this isn't a realistic question”. It's a realistic and reasonable question, and the answer is a strong no. | |
| May 12, 2015 at 22:32 | comment | added | CodeMoose | And yet, what I'm reading seems to say "here's why this isn't a realistic question to ask", not "given those points, here's the x factor you haven't considered". Again, I appreciate the input, you very clearly know what you're talking about :) I'm just looking for an answer in a different avenue, and was trying to give feedback to that effect. | |
| May 12, 2015 at 22:23 | comment | added | Gilles 'SO- stop being evil' | @CodeMoose Feedback that just says “wrong password” isn't useful feedback. Accidental indexing is not a moot point, it's a pretty common risk. I'm reasonably confident that I have understood the question, and I addressed quite a few of your points directly. | |
| May 12, 2015 at 22:17 | comment | added | CodeMoose | While I understand the points you're trying to make, it may be beneficial to put a bit more effort into understanding the actual question so you can answer accurately. I'll also try to make edits to make it more clear what I'm asking. | |
| May 12, 2015 at 22:16 | comment | added | CodeMoose | While you raise good points, I don't feel you've addressed the spirit of the question. I agree on the DNS vulnerability - that's why this question involves subdirectories, not subdomains. The accidental indexing is moot, since one of the assumptions of the question is that the subdirectory is established undisclosed and unindexed. Lastly, I respectfully disagree that the login page point "doesn't make any sense". What value is there in an attacker picking a random domain and combing for possibly hidden content? It'll almost never be successful. A login page, even locked down, provides feedback. | |
| May 12, 2015 at 22:00 | history | answered | Gilles 'SO- stop being evil' | CC BY-SA 3.0 |