
In my humble opinion, security through obscurity via UUIDs rather than sequential integers is not great advice. It merely masks the real problem.

This isn't an instance of "security through obscurity". This is more akin to suggesting people use non-dictionary passwords.


Obscurity can be a fine part of being secure. You have to think carefully about what happens when it fails, and realize that automated bots will tend to find things humans would consider obscure, but don't let the usually-good heuristic become a straightjacket.

Obscurity of the secret is a necessary part of being secure :-P

Security-through-obscurity refers to the notion that your algorithms are a meaningful part of the key.
