Security through foreign languages.

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.


califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Security through foreign languages.

Post by califdon »

kaisellgren wrote:
califdon wrote:I can certainly understand the motivation to program in your native language.

By the way, I have never heard of the English word "obscuration", but this is usually called "obfuscation". Today's English lesson! :P
Something weird happened. You made three posts :)

Btw, http://www.thefreedictionary.com/Obscuration
I noticed something odd going on when I posted that...probably caused by some BB code written in Finnish! :P Fortunately, as a moderator, it's easy for me to delete the extra posts.

I almost looked up that word, but I can tell you, both as a native English speaker and as a career editor, teacher and technical writer, that it is not in common usage. Obfuscation is the term that is normally used for this technique.

In English we have some quite funny usages, as I'm sure is true of most languages. The word 'obfuscation' is not a commonly used word outside of computer security discussions, and another proper, but rarely used word is 'eschew', meaning to refrain from. There's a famous bumper sticker that says, "Eschew Obfuscation". :)
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Security through foreign languages.

Post by kaisellgren »

califdon wrote:
kaisellgren wrote:
califdon wrote:I can certainly understand the motivation to program in your native language.

By the way, I have never heard of the English word "obscuration", but this is usually called "obfuscation". Today's English lesson! :P
Something weird happened. You made three posts :)

Btw, http://www.thefreedictionary.com/Obscuration
I noticed something odd going on when I posted that...probably caused by some BB code written in Finnish! :P Fortunately, as a moderator, it's easy for me to delete the extra posts.

I almost looked up that word, but I can tell you, both as a native English speaker and as a career editor, teacher and technical writer, that it is not in common usage. Obfuscation is the term that is normally used for this technique.

In English we have some quite funny usages, as I'm sure is true of most languages. The word 'obfuscation' is not a commonly used word outside of computer security discussions, and another proper, but rarely used word is 'eschew', meaning to refrain from. There's a famous bumper sticker that says, "Eschew Obfuscation". :)
Great, thanks for enlightening me :D
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Security through foreign languages.

Post by Mordred »

Kai, I support your general idea (it was one of my main suggestions in that password storage article I posted here some years ago), but I think you and the others in the discussion are largely missing the point.

The relevant (and more realistic) threat model here is not someone reading your source code, but someone accessing your database by SQL injection. Since there are only some limited mechanisms of finding out table and field names, it can be THE single most powerful mitigation measure.

As for "protecting" code by obfuscating the symbol names, one, it would only slow someone and two, if you still want code obfuscation, it's always better to code comfortably in whatever language you like and then postprocess the code before publishing it using truly random names.
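
Mordred's suggestion to write code comfortably and then post-process it with truly random names, as an added example that is not part of the original post: a variable renamer built on PHP's tokenizer. The function name `obfuscate_variables` and the sample input are hypothetical; it renames variables only, assumes a single self-contained procedural file, and refuses files that use classes, variable variables or `compact()`/`extract()` instead of rewriting them.

```php
<?php
// Added example, not from the thread. Assumes one self-contained procedural
// file: no classes, no named arguments, no names looked up from strings.
function obfuscate_variables(string $source): string
{
    // Names PHP itself defines; renaming them would change behaviour.
    $keep = ['$this', '$GLOBALS', '$_SERVER', '$_GET', '$_POST', '$_FILES',
             '$_COOKIE', '$_SESSION', '$_REQUEST', '$_ENV', '$argc', '$argv'];
    // Constructs where a variable name is also reachable as a bare word or string.
    $refuseTokens = [T_CLASS, T_INTERFACE, T_TRAIT, T_DOLLAR_OPEN_CURLY_BRACES];
    $refuseCalls  = ['compact', 'extract', 'get_defined_vars'];
    $map = [];
    $out = '';
    foreach (token_get_all($source) as $token) {
        if (!is_array($token)) {
            if ($token === '$') { // `$$name` or `${expr}`
                throw new RuntimeException('variable variables are not supported');
            }
            $out .= $token;
            continue;
        }
        [$id, $text] = $token;
        if (in_array($id, $refuseTokens, true)
            || ($id === T_STRING && in_array(strtolower($text), $refuseCalls, true))) {
            throw new RuntimeException("unsupported construct: $text");
        }
        if ($id === T_VARIABLE && !in_array($text, $keep, true)) {
            // One random name per original name, drawn from the CSPRNG.
            $map[$text] ??= '$v' . bin2hex(random_bytes(8));
            $text = $map[$text];
        }
        $out .= $text;
    }
    return $out;
}

// Constructed sample input with Finnish variable names.
$sample = <<<'SRC'
<?php
function laske_summa(array $hinnat, float $vero): float {
    $summa = 0.0;
    foreach ($hinnat as $hinta) {
        $summa += $hinta * (1 + $vero);
    }
    return $summa;
}
echo laske_summa([10, 20], 0.24), "\n";
SRC;

echo obfuscate_variables($sample), "\n";
```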
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Security through foreign languages.

Post by califdon »

Hey, now you've got the security guru, and he's from Bulgaria! Now you have resources for two of the three really difficult languages in the world!! :lol: Any Hungarians out there??

[Edit:] Could you guys coordinate and come up with something like Bulgarish or Finngarian, maybe? :?
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Security through foreign languages.

Post by kaisellgren »

califdon wrote:Hey, now you've got the security guru, and he's from Bulgaria! Now you have resources for two of the three really difficult languages in the world!! :lol: Any Hungarians out there??

[Edit:] Could you guys coordinate and come up with something like Bulgarish or Finngarian, maybe? :?
Finngarian would probably be harder than cracking into CIA :crazy:

I still don't think these two are comparable to Korean, Japanese or Chinese :lol:
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Security through foreign languages.

Post by Mordred »

Bah... nothing but Lojban will work. (http://en.wikipedia.org/wiki/Lojban)
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Security through foreign languages.

Post by kaisellgren »

Mordred wrote:Bah... nothing but Lojban will work. (http://en.wikipedia.org/wiki/Lojban)
But isn't it relatively easy to learn?