httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: cvs commit: httpd-2.0/modules/generators mod_autoindex.c
Date Tue, 05 Feb 2002 15:54:59 GMT
Cliff Woolley wrote:
> Reverted.

Ta.  401 and 500 are (or can be) slightly special cases.  401
because we're not sure the user can access the resource and
shouldn't let him know it even exists without that surety.  And
500 because we're not sure what went wrong, and if the
config error were fixed it might deny access.  Paranoia mode.

403 is one of those on-the-fence things; we know access is
categorically denied, but should we tell the user since he
can (presumably) never get it?  You'll find proponents on
boths sides, but most security people will plump for obscuring
the resource's existence.

Good work, though, Cliff, and fast. :-)
#ken	P-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist      http://Apache-Server.Com/

"Millennium hand and shrimp!"

View raw message