[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Worst Error Message?

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Sat, 30 Jul 2011 18:04:08 -0400

On Sat, Jul 30, 2011 at 3:10 PM, Les Mikesell <lesmikesell_at_gmail.com> wrote:
> On 7/30/11 1:14 PM, Jeremy Pereira wrote:
>>
>> On 30 Jul 2011, at 18:17, Les Mikesell wrote:
>>
>>>
>>> '403 forbidden' makes reasonable sense for a client-side message to
>>> someone who shouldn't know internal details anyway.
>>
>> Seriously?  You think an HTTP response code (which *is* an internal
>> detail) is an acceptable error message.  You think it makes sense?  Why is
>> 403 forbidden?  Oh, right, that's just a code.  Ok what is forbidden?  Is it
>> me?  the repository? writing to the repository?  writing to a particular
>> file?  Why is it forbidden?  Is it because it is Tuesday? WHY???!!!!
>>
>> It's a useless error message. It's even pretty useless to the average
>> person when they are trying to use a browser to access a URL.
>
> From a security perspective it is a bad idea to tell a network client that
> is doing something you have explicitly denied any of the details of how the
> system is configured to prevent it.  Working correctly is usually a yes or
> no question and this answer is clearly 'no'.
>
>>> Is something better in the apache error log where the sysadmin who set it
>>> up wrong should be looking?
>>
>> Except that the administrator might not have set up the repository wrong.
>>  He might have made it deliberately read only.  Users should not have to
>> trawl Apache logs to find out that they are not allowed to commit to a
>> repository.
>
> Right, if the system is intentionally set up for read-only access, the user
> should not get a hint about how to work around it, and it won't do them any
> particular good to know if it is denied in the http config, the
> authorization setup, or the filesystem.   Really, what do you need to know
> as an end user besides that your commit was denied?

When I, as a user, am denied access to something, it's very helpful to
know at which level of the setup my access was denied in order to
*fix* it. And it's helpful for me, as an admin, to get an error
message that reveals as much as possible about the problem so that I
can fix it if the problem is my fault.
Received on 2011-07-31 00:04:39 CEST

This is an archived mail posted to the Subversion Users mailing list.