Is a non-public hostname “obscurity” or is it a form of password/credential? Or is a credential actually “obscurity”, only so vast an attacker can’t possibly have enough electricity to shine a light on even a remotely relevant part of it.
It’s all about risk/probabilities in my view. How likely is it to find the hostname? How likely is it to find the password?
The only real differences is that there are best practices ensuring passwords are never logged in clear text anywhere, whereas it’s not the case for a hostname.
It’s all about risk/probabilities in my view. How likely is it to find the hostname? How likely is it to find the password?
The only real differences is that there are best practices ensuring passwords are never logged in clear text anywhere, whereas it’s not the case for a hostname.