I’m not a SQL wizard and I’m typing from my phone but couldn’t you just do something like,
select name from sys.tables where name like 'wp%users'To get the table of WordPress users, then do whatever bad things you want to it?
I get that that’s an extra step, and I suppose in the example even though “best practice” is to add random characters, if everyone knows that, then best practice for bad people scripts would probably be to add an extra query.
But my real point is more about adding obfuscation for your developers and server owners. If you’re making their jobs harder for no benefit, is it a good change?
I also wonder about adding obfuscation and it causing issues when debugging.
I think adding obfuscation is fine, but it’s important to be careful when it comes to your developers and debugging.
It adds nothing and takes effort.
Seems bad to me.
After you’ve already established security, you can add obscurity (without compromising security) on top for an even bigger gain in security overall. But you can’t do obscurity in place of security.
Yes, that’s what the article says
Security through obscurity is a good thing to have, but a bad thing to rely on.
/s Technically speaking you rely on it any time you set a password, just saying…
Always apply your ROT13 twice to make it stronger!
That’s rookie numbers. You gotta pump those up. Go for 2048 times ROT13, or optimize by going 1024 times ROT26. Fully optimized, 512 times ROT52 is the best.
Hm. I’m not sure. Which AI has told you that?