undefined | Better HN

0 pointssmaudet5mo ago0 comments

> inconvenient, it is not a security risk

Mmm...not exactly. When security is difficult, the default fix is to turn it off, workaround, etc. Security should be relatively simple.

Increasing the difficulty of correctly configuring additional directories increases the chance something "bad" may happen. As a theorical example, for ssh say that config is not protected the same way keys are (on the file system or by policy). Pair this with some option that, when configured, exposes the contents of the keys.

Increasing the complexity required to secure something makes it inherently less secure.

0 comments

johnisgood5mo ago

Okay, that makes sense and I do not disagree.

j / k navigate · click thread line to collapse