Should we prevent access to non-sensitive information?

Don't prevent access. Don't make things hard for your team. Don't introduce gratuitous complexity, it is the enemy of security, and a sure path to technical debt. Don't look to obfuscation, to an attacker that is a clear sign that more obvious defenses have been overlooked.

Tags:

Api

Web Application

Related

How does an attacker get access to hashed passwords? Authy - is my backup secured by only my password or 2FA s well Why don't web email clients put emails in an iframe? My email is listed as recovery email for an unknown Google account How is attacking WPA different from attacking WPA2? Couldn't credit/debit cards easily be made more secure? Why do mobile devices force user to type password after reboot? Does Rainbow Table Not Require Decompression? How to test CVE-2004-0789 Multiple Vendor DNS Response Flooding Denial Of Service? What kind of attack is prevented by Apache2's error code AH02032 ("Hostname provided via SNI and hostname provided via HTTP are different")? Chrome: Your connection is private but someone might be able to change the look of the page This Program Can not Be Run in DOS Mode

Recent Posts