Returning 404 rather than 403


Tim Pizey-2
Hi,

I have done a little googling around the practice of returning 404
rather than 403
for unauthorised access.

Most people seem to think it is bad practice.

I imagine the motivation is to prevent automatic url guessing.

It would be preferable, for me, if a redirect (307 Temporary Redirect)
to the Jenkins top level url was issued,
instead of both genuinely non-existent and unauthorised urls, as I
find myself url editing quite a lot at the moment.

cheers
Tim

PS Should this have been created in http://issues.jenkins-ci.org ?


--
Tim Pizey - http://pizey.net/~timp

Re: Returning 404 rather than 403

Christopher Orr
Hi there,

On 08/09/2012 02:33 PM, Tim Pizey wrote:

> I have done a little googling around the practice of returning 404
> rather than 403
> for unauthorised access.
>
> Most people seem to think it is bad practice.
>
> I imagine the motivation is to prevent automatic url guessing.
>
> It would be preferable, for me, if a redirect (307 Temporary Redirect)
> to the Jenkins top level url was issued,
> instead of both genuinely non-existent and unauthorised urls, as I
> find myself url editing quite a lot at the moment.

Check out this previous thread on the topic:
https://groups.google.com/d/msg/jenkinsci-users/97hZ7JBNWpc/ohBBu3ur4LcJ

Regards,
Chris