[thelist] 403 or 404?

patrick pms at stoutstreet.com
Wed Jun 6 09:20:23 CDT 2007


Stephen Rider wrote:
> I would do this:
> 
> If the person is not logged in at all, they get a 30x redirect to a  
> "Please log in" page.
> 
> IF they are logged in and try to access something they don't have  
> rights to, they get a 404 page that says something noncommittal such  
> as "The page was not found or you don't have access."

Saying this '...you don't have access.' does not do this '...leaves the 
obscurity barrier to the hacker'

> 
> That leaves the obscurity barrier to the hacker, but gives some
> info to the legit user who made a mistake.
> 


-- 

patrick sanders
http://www.stoutstreet.com
web sites that fit
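
Added example, not part of the original messages: a sketch of the policy discussed in this thread, with a check that a logged-in user gets the same response for a page they lack rights to as for a page that does not exist. The ACL data, the /login path, the choice of 302 and the decision to redirect anonymous users for every path are assumptions made for the illustration.

```python
from dataclasses import dataclass

LOGIN_URL = "/login"  # hypothetical login path
# Constructed sample data: path -> users allowed to read it.
ACL = {"/reports/q2": {"alice"}, "/wiki/home": {"alice", "bob"}}
NOT_FOUND_BODY = "The page was not found or you don't have access."


@dataclass(frozen=True)
class Response:
    status: int
    headers: tuple
    body: str


def respond(path, user):
    """Apply the policy from the thread; user is None when not logged in."""
    if user is None:
        # Assumption: anonymous requests are redirected for every path,
        # so the redirect itself says nothing about whether the path exists.
        return Response(302, (("Location", LOGIN_URL),), "")
    allowed = ACL.get(path)
    if allowed is None or user not in allowed:
        # Missing and forbidden share one branch, so status, headers and
        # body are identical in both cases.
        return Response(404, (("Content-Type", "text/plain"),), NOT_FOUND_BODY)
    return Response(200, (("Content-Type", "text/plain"),), f"contents of {path}")


def leaks_existence(user, existing_path, missing_path):
    """True if the two responses differ, i.e. the server reveals which path is real."""
    return respond(existing_path, user) != respond(missing_path, user)
```
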


