[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Worst Error Message?

From: Les Mikesell <lesmikesell_at_gmail.com>
Date: Mon, 01 Aug 2011 08:54:57 -0500

On 8/1/11 8:30 AM, Ulrich Eckhardt wrote:
> On Monday 01 August 2011, Les Mikesell wrote:
>> On 8/1/11 2:47 AM, Ulrich Eckhardt wrote:
>>> On Saturday 30 July 2011, Les Mikesell wrote:
>>>> From a security perspective it is a bad idea to tell a network client
>>>> that is doing something you have explicitly denied any of the details
>>>> of how the system is configured to prevent it. Working correctly is
>>>> usually a yes or no question and this answer is clearly 'no'.
>>>
>>> Have you ever been laughing about "General Fault" messages issued by
>>> early MS Windows systems? You are advocating them as reasonable from a
>>> security perspective, which could be argued still. From a user
>>> perspective though, they definitely suck, because they don't help you
>>> solve the problem.
>>
>> This wasn't an error message, it was an 'access denied' message and it was
>> displayed because of the way the administrator had configured the system.
>
> The thing didn't do what I wanted it to do, which is an error. Further, it
> told me about it, which is a message. So this is what I and probably others
> call an error message. Are you really serious?

No, it is not an error for the system to deny write access when the server has
been explicitly configured to only have read access. In this particular case,
it was an error on the admin's part, but that is irrelevant to the user/client.
The system was working correctly as configured.

>> So exactly how much good does it do you, as a user of some remote client to
>> know that your access is denied because the filesystem is read-only to the
>> server program, and what will you do differently than if you just know
>> your write was denied?
>
> It makes a difference because it allows me to figure out if I did something
> wrong or not. Consider something is inherently read-only (e.g. a CDROM) or the
> server just failed to fulfill my request because it ran out of diskspace.
> Consider the opposite case where I am not authenticated (i.e. using a guest
> account) or I'm specifically not authorized to to write something (missing
> permission).

This was clearly a 'not authorized to write' message.

-- 
   Les Mikesell
    lesmikesell_at_gmail.com
Received on 2011-08-01 15:55:33 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.