Security Through Obscurity

Anyone who has ever had to work on an e-commerce site knows that these projects can quickly become extremely complicated.

The main reason for this is that there are hundreds, if not thousands of details that need to be covered for a store to work well.

Selecting which shopping cart to use can be a daunting task.

At my day job we currently use Miva Merchant in order to implement the vast majority of our stores. Miva Merchant is used by a good number of people, but definitely could not be considered one of the most popular solutions.

This brings me to the logic behind this post. When viewing server logs of a Miva Merchant store you see all the usual requests for IIS vulnerabilities and the known vulnerabilities with different forum software, but none of these requests even come close to doing any damage.

In the case of Miva it seems that being relatively unknown, using their own scripting language, and keeping their software closed source has allowed them to maintain a certain level of security.

A similar issue has come up with Apple's Safari being ported to Windows. Many security vulnerabilities were discovered immediately following the software's release due to the advanced testing programs available on Windows.

The lesson to take away: your software isn't secure just because it's not a target of hackers.
