Comment by econ
2 months ago
If you have an injection-friendly application then that is the security problem.
Say someone hacks the db, is the problem easy-to-guess table names? The column should never have been called "passwords"?
Perhaps 30 years ago that would sound good.
Obscurity should hardly ever be a line of defense. If it is the only defense the problem isn't that it wasn't obscure enough.
Edit:
I'll do you one better. If you so much as suggest that obscurity is good security you actually openly invite people to fool around with your applications. The odds that holes are to be found are much better than elsewhere.
What do you do when you know you've got a pile of poorly written insecure software and no money to improve it?
I probably delete everything and pretend it never happened. It depends ofc on the worst-case scenario. What can I do/afford to deal with the greatest risk? I might use it on a machine without internet.