Posted August 20, 2013
Zoltan999: I'm no expert on open source updater clients, so please bear with my limited knowledge...however, if GOG were to implement such a service and device, would making it open source also make it/GOG/users more vulnerable to evil forces that may be able to exploit it for nefarious resaons? Just curious, as I said, I do not pretend to be an expert, and while I can surely see benefits of open source, and the ability for the many users and mermbers who know their shit, to help make it run better, faster, ect., is there also a possible downside for exploitation?
No, it won't make it more vulnerable. Security by obscurity is not a proper security approach. Security is achieved by the means of proper authentication, encryption and etc. The code of the authenticating client and the protocol of authentication and encryption if any can be perfectly open and known. It won't make the system any less secure, if the authentication and backend security are properly implemented. If anything, obscurity only reduces security, since the closed client can't be fully trusted.Post edited August 20, 2013 by shmerl