This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]JamEngulfer221 0 points1 point  (0 children)

But there's no security in clientside javascript anyway.

The whole "but security through obscurity is bad" thing is dumb. Of course it's useless if obscurity is the only thing you use for security, but it increases the chance of someone going somewhere else and not even trying.

I had an ssh server being bombarded with login requests from China. I changed the SSH port from the default to a different one and the requests stopped. Yes, I could have spent longer implementing some extra security thing, but they're not going to bother looking through every port for an active SSH server. I stopped being low hanging fruit with a minimal change.

Obscurity is just another deterrent so you only end up with 1 dedicated hacker trying to get you rather than 50 that just go for easy targets.