I'm working on an application which allows a moderator to edit information of user. So, at the moment, i have URL's like http://xxx.xxx/user/1/edit http://xxx.xxx/user/2/edit I'm a bit worried h...

I know that security through obscurity is frowned upon and considered not really secure, but isn't a password security through obscurity? It's only secure so long as no one finds it. Is it just a ...

I've inherited a web app that I've just discovered stores over 300,000 usernames/passwords in plain text in a SQL Server database. I realize that this is a Very Bad Thing™. Knowing that I'll...

I recently came across a system where all of the DB connections were managed by routines obscured in various ways, including base 64 encoding, md5sums and various other techniques. Why is sec...

If you use a GUID as a password for a publicly facing application as a means to gain access to a service, is this security through obscurity? I think the obvious answer is yes, but the level of se...