FYI 403 Forbidden
This response is used to deny a request without giving the caller any recourse. It is sent when the server has understood the request, found the request to be correctly formulated, but will not service the request. This response is not used when authorization is required. ----- Original Message ----- From: David Stuart <[EMAIL PROTECTED]> Date: Tuesday, August 10, 2004 8:34 am Subject: Re: [Sip-implementors] Authentication woes > > > Scott Lawrence wrote: > > >>3) What is the role of the 403 response, exactly? If I read the > RFC > >>correctly it implies that the credentials should be cleared and > new ones > >>should be provided .. ? But, "in the real world", the 403 > response is > >>used to indicate many other things, so I cannot always have the > user > >>re-enter the credentials when I receive a 403. When should I do > this?>> > >> > > > >403 doesn't mean authentication failed - it means "I believe that you > >are who you say you are, but you're not allowed to do what you > want to > >do". It's an access control failure, not an authentication failure. > > > > OK, I can see that .. and I agree, this interpretation makes the > most > sense.. however, I notice some UASes use 403 at the end of an > authentication chain thusly: > > A --> B (REGISTER) > A <-- B (401) > A --> B (REGISTER, with credentials) > A <-- B (403) > > The 403 is sent when the credentials are incorrect with some > implementations. > > Is it just me, or are a lot of authentication implementations just > plain > broken? > > -- > David Stuart, SIPquest > Email: dave (at) sipquest (dot) com > Phone: 254-8886 x234 Web: http://www.sipquest.com/ > Address: 106 - 350 Terry Fox Drive, Kanata Ontario, K2K 2P5 > > > > _______________________________________________ > Sip-implementors mailing list > [EMAIL PROTECTED] > http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors > _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
