[thelist] 403 or 404?
patrick
pms at stoutstreet.com
Wed Jun 6 09:20:23 CDT 2007
Stephen Rider wrote:
> I would do this:
>
> If the person is not logged in at all, they get a 30x redirect to a
> "Please log in" page.
>
> IF they are logged in and try to access something they don't have
> rights to, they get a 404 page that says something noncommittal such
> as "The page was not found or you don't have access."
Saying this '...you don't have access.' does not do this '...leaves the
obscurity barrier to the hacker'
>
> That's leaves the obscurity barrier to the hacker, but gives some
> info to the legit user who made a mistake.
>
--
patrick sanders
http://www.stoutstreet.com
web sites that fit
More information about the thelist
mailing list