Tuesday, May 16, 2006

obfuscating the QueryString (just don't)

I just read this post by Peter A Bromberg, in which he suggests that you can obfuscate the query string to pass sensitive data around by "performing ASCII-to-HEX scrambling". The guy usually has good ideas, but please just don't use this one: security through obscurity is not security.
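To make the point concrete, here is an added example (not code from this post or from Bromberg's) showing that a hex-"scrambled" value is recovered from the URL alone, with no key, next to one common alternative assumed here: keep the value on the server and pass only a random handle. The URL, parameter names, sample value and helper names are all constructed for illustration.

```python
import secrets
from typing import Optional
from urllib.parse import urlencode, urlparse, parse_qs

SAMPLE = "acct=4417-constructed-sample"   # constructed sample value
BASE = "https://example.test/pay?"        # placeholder URL

def hex_scramble(value: str) -> str:
    """ASCII-to-hex 'scrambling': an encoding, no key is involved."""
    return value.encode("ascii").hex()

def recover_from_url(url: str, param: str) -> str:
    """What anyone who sees the URL (proxy log, Referer header, browser
    history) can do: turn the hex digits back into the original text."""
    hex_value = parse_qs(urlparse(url).query)[param][0]
    return bytes.fromhex(hex_value).decode("ascii")

# Assumed alternative: the sensitive value never leaves the server; the
# query string carries only an unguessable handle that maps to it.
_server_side_store = {}   # stand-in for real session storage

def issue_handle(value: str) -> str:
    handle = secrets.token_urlsafe(32)   # 32 random bytes from the OS CSPRNG
    _server_side_store[handle] = value
    return handle

def redeem_handle(handle: str) -> Optional[str]:
    # pop() makes a handle single-use; unknown handles return None
    return _server_side_store.pop(handle, None)

def demo() -> dict:
    weak_url = BASE + urlencode({"d": hex_scramble(SAMPLE)})
    handle = issue_handle(SAMPLE)
    return {
        "weak_url": weak_url,
        "recovered": recover_from_url(weak_url, "d"),
        "strong_url": BASE + urlencode({"h": handle}),
        "handle": handle,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
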

