2

Would it be of any benefit to have tables with randomly generated names?

For example:

An SQL injection might be looking for:

SELECT * FROM users WHERE 1=1

But if users is really rifchodafsnhe (or some other nonsense) their injection wouldn't work.

Question: pros vs cons of gibberish column names from a security vs usability standpoint

xyhhx
  • 2
    I think this falls more under the category of security by obscurity which I don't think is ever a good idea. The readability of source code is going to be definitely affected, which I don't even think is a good trade-off in terms of risk vs functionality. – Jonathan Gray Dec 18 '15 at 19:44
  • 6
    SQL injection can be prevented if using the right coding principles, i.e. use parameter binding. This is not that hard and much safer than using "random" column names which eventually will leak anyway. – Steffen Ullrich Dec 18 '15 at 19:45
  • 3
    To the downvoter: just because the idea presented in the question is bad doesn't mean it is a bad question. – TTT Dec 18 '15 at 20:03
  • Yeah I wasn't intending on actually using this for security. Just a thought I wanted to get feedback on here – xyhhx Dec 22 '15 at 20:24
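
The parameter binding mentioned in the comments above, as an added example that is not part of the original thread. It uses Python's sqlite3 with the question's table name rifchodafsnhe; the column names, sample rows and function names are assumptions made for the illustration. The concatenated lookup is injectable even though the input never names the table, while the bound lookup is not.

```python
import sqlite3

TABLE = "rifchodafsnhe"  # the gibberish table name from the question


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE {TABLE} (name TEXT, secret TEXT)")
    db.executemany(
        f"INSERT INTO {TABLE} VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret")],
    )
    return db


def lookup_concatenated(db, name):
    """Vulnerable: user input is pasted into the SQL text."""
    sql = f"SELECT name, secret FROM {TABLE} WHERE name = '{name}'"
    return db.execute(sql).fetchall()


def lookup_bound(db, name):
    """Hardened: input is passed as a bound parameter, never parsed as SQL."""
    sql = f"SELECT name, secret FROM {TABLE} WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


# Constructed input that turns the WHERE clause into an always-true condition.
# It never mentions the table name: the application's own query supplies it.
TAUTOLOGY = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, TAUTOLOGY))
    print("bound:       ", lookup_bound(db, TAUTOLOGY))
    print("bound, alice:", lookup_bound(db, "alice"))
```

With binding, the same input is compared as a literal name and matches no row, whatever the table is called.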

2 Answers

5

Security by obscurity is not always bad, but here I think it is.

The correct way to judge a security mechanism/implementation/control is "Does it impose more of a burden on the legitimate user than on the illegitimate user, and is the burden disproportionate to the benefit?"

This poses a significant burden on the legitimate user and makes it rather likely that the legitimate user will misremember/misunderstand the answer and reach a bad conclusion.

I find the single mis-use case you pose to be unpersuasive. (Others may disagree, but for me, the value is not worth the cost).

MCW
4

Your suggestion is analogous to hiding your weed stash in the floorboards of your house.

Pros: Barely any. Your mom won't find it, but when the dogs come sniffing around, they sure will.

Cons: What a hassle when you just want a joint.

TTT