[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Worst Error Message?

From: Ulrich Eckhardt <ulrich.eckhardt_at_dominolaser.com>
Date: Mon, 1 Aug 2011 15:30:39 +0200

On Monday 01 August 2011, Les Mikesell wrote:
> On 8/1/11 2:47 AM, Ulrich Eckhardt wrote:
>> On Saturday 30 July 2011, Les Mikesell wrote:
>>> From a security perspective it is a bad idea to tell a network client
>>> that is doing something you have explicitly denied any of the details
>>> of how the system is configured to prevent it. Working correctly is
>>> usually a yes or no question and this answer is clearly 'no'.
>>
>> Have you ever been laughing about "General Fault" messages issued by
>> early MS Windows systems? You are advocating them as reasonable from a
>> security perspective, which could be argued still. From a user
>> perspective though, they definitely suck, because they don't help you
>> solve the problem.
>
> This wasn't an error message, it was an 'access denied' message and it was
> displayed because of the way the administrator had configured the system.

The thing didn't do what I wanted it to do, which is an error. Further, it
told me about it, which is a message. So this is what I and probably others
call an error message. Are you really serious?

> So exactly how much good does it do you, as a user of some remote client to
> know that your access is denied because the filesystem is read-only to the
> server program, and what will you do differently than if you just know
> your write was denied?

It makes a difference because it allows me to figure out if I did something
wrong or not. Consider something is inherently read-only (e.g. a CDROM) or the
server just failed to fulfill my request because it ran out of diskspace.
Consider the opposite case where I am not authenticated (i.e. using a guest
account) or I'm specifically not authorized to to write something (missing
permission).

In the first case, there is obviously nothing wrong (except perhaps an
arguable misconfiguration) but the behaviour is intentional. In the second
case, the server itself is going belly up because the disk is full, and I
would alert the admins. In the third case, I see that I'm not properly
authenticated and simply use my full account instead of the guest account. In
the fourth case, I'll ask the project admin to give me write privileges in
order to allow me to do my work.

Having error messages that convey information is important in any program,
regardless of whether it is in a client-server setup or not. Note that users
often don't even know whether something is client-server or not.

Uli
**************************************************************************************
Domino Laser GmbH, Fangdieckstraße 75a, 22547 Hamburg, Deutschland
Geschäftsführer: Thorsten Föcking, Amtsgericht Hamburg HR B62 932
**************************************************************************************
Visit our website at http://www.dominolaser.com
**************************************************************************************
Diese E-Mail einschließlich sämtlicher Anhänge ist nur für den Adressaten bestimmt und kann vertrauliche Informationen enthalten. Bitte benachrichtigen Sie den Absender umgehend, falls Sie nicht der beabsichtigte Empfänger sein sollten. Die E-Mail ist in diesem Fall zu löschen und darf weder gelesen, weitergeleitet, veröffentlicht oder anderweitig benutzt werden.
E-Mails können durch Dritte gelesen werden und Viren sowie nichtautorisierte Änderungen enthalten. Domino Laser GmbH ist für diese Folgen nicht verantwortlich.
**************************************************************************************
Received on 2011-08-01 15:23:33 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.