On Saturday 30 July 2011, Les Mikesell wrote:
> From a security perspective it is a bad idea to tell a network client that
> is doing something you have explicitly denied any of the details of how
> the system is configured to prevent it. Working correctly is usually a
> yes or no question and this answer is clearly 'no'.
Have you ever been laughing about "General Fault" messages issued by early MS
Windows systems? You are advocating them as reasonable from a security
perspective, which could be argued still. From a user perspective though, they
definitely suck, because they don't help you solve the problem.
> Right, if the system is intentionally set up for read-only access, the user
> should not get a hint about how to work around it, and it won't do them any
> particular good to know if it is denied in the http config, the
> authorization setup, or the filesystem. Really, what do you need to know
> as an end user besides that your commit was denied?
Let's just state it like this: You are wrong. As per your own communication
quality ideals, I'm omitting any reason and other specifics in which way you
are wrong, they aren't necessary anyway.
;)
Uli
**************************************************************************************
Domino Laser GmbH, Fangdieckstraße 75a, 22547 Hamburg, Deutschland
Geschäftsführer: Thorsten Föcking, Amtsgericht Hamburg HR B62 932
**************************************************************************************
Visit our website at http://www.dominolaser.com
**************************************************************************************
Diese E-Mail einschließlich sämtlicher Anhänge ist nur für den Adressaten bestimmt und kann vertrauliche Informationen enthalten. Bitte benachrichtigen Sie den Absender umgehend, falls Sie nicht der beabsichtigte Empfänger sein sollten. Die E-Mail ist in diesem Fall zu löschen und darf weder gelesen, weitergeleitet, veröffentlicht oder anderweitig benutzt werden.
E-Mails können durch Dritte gelesen werden und Viren sowie nichtautorisierte Änderungen enthalten. Domino Laser GmbH ist für diese Folgen nicht verantwortlich.
**************************************************************************************
Received on 2011-08-01 09:40:40 CEST