Security by obscurity...
-
Hello...
Here is another little gem i found. I am working on a system and i needed to create a user. Its a simple setup in the DB with a User, Roles, and a UserRole table...
So I created a user, and wanted to add myself to the appropriate roles.. The Roles table has 4 entries and I challenge you to name me one possible role i could have picked :D
<font face="Times New Roman">Server</font>
<font face="Times New Roman">Switch</font>
<font face="Times New Roman">Router</font>
<font face="Times New Roman">Hub</font>
<font face="Times New Roman"></font>
-
was your username 3Com? :¬)
-
Well I guessed Zeus, Thor, or Jupiter as a synonym for root. But I was wrong.
What did each of the roles actually MEAN?
-
Well..
The Roles table also has an ID field. so its
1 - Server
2- Switch etc,,,
Inside the Source there is never a check against a role, only against the ID values...
From double checing the source:
Server = Read
Switch = Read/Write
Hub/Router = Exception/Undefined behavior/NO behavior ;) (Depends on the class)