tlilley wrote:
>>Might want to make two options:
FilesToProtect : raises 403 Forbidden
FilesToHide : raises 404 Not Found
This way, you don't give outsiders more information than they need about
the "hidden" or "protected" contents of your site. With 403, they know the
file is there, they just don't know how to get it (yet...)<<
Indeed. If so though, why even give the would-be cracker such precise
information? Perhaps a 404 error should be returned no matter what the
cause, and just use a FilesToProtect setting alone to simplify things. I'm
not sure that having such granularity (FilesToProtect and FilesToHide)
would buy us anything extra.
...Edmund.
_______________________________________________
Webware-discuss mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/webware-discuss
