I'm dealing with a client who is "concerned about security" and they're demanding all files containing ports and IP addresses (config information essentially) must be encrypted.
My view is that IP addresses and ports are essentially public. The file may give away the nature of the server but this sort of "partial secrecy" to me doesn't really add anything to security other than a false sense of security.
Should this sort of information be stored encrypted?
Edit: One small issue is that it's a mobile device so adding encryption is actually a fairly significant overhead as it's a fairly arduous task for the processor and will cause a performance hit.
There is never any harm in keeping as much information private as is possible. The less you give a potential hacker the harder their job will be.
However, the biggest thing to note is, as you say, a "false sense of security". As long as the words "no one will hack us, they don't know our IP address" are never uttered then that's fine. As soon as you think that this one level of obscurity is enough to keep you safe then you have a problem.
There is no harm in encrypting the file. If the client is happy then do it. I hope it won't be much of a problem when it comes to development.
But what I would do is also educate the client that "encrypting the IP" DOES not mean that everything is safe. You can explain that restricting access through a firewall (if possible) is more secure than encrypting.
Moreover, I don't think this is a common practice to encrypt. So you had better document it properly, how you do it and why you do it ;-) so that future programmers know why it has been done.