Yes, But... (lemmy.ml)
submitted 2 months ago by [email protected] to c/[email protected]
[-] [email protected] 3 points 2 months ago* (last edited 2 months ago)

It depends on the context. If it's a URL that is easy to guess and reflects user-created content, your system is leaking information about their users if it returns 403. The example that comes to mind is GitHub returning 404s for both nonexisting and private repos when the authenticated user doesn't have access to it.
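
Added example, not part of the comment above and not GitHub's code: a sketch of the 403-versus-404 behaviour the comment describes, with a check that fails when a handler answers differently for a hidden resource than for a missing one. The repository store, the user names and every function name are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Repo:
    owner: str
    name: str
    private: bool
    readers: set = field(default_factory=set)

# Constructed sample data (hypothetical users and repositories).
REPOS = {
    ("alice", "dotfiles"): Repo("alice", "dotfiles", private=False),
    ("alice", "payroll"): Repo("alice", "payroll", private=True, readers={"alice"}),
}

NOT_FOUND = (404, {"message": "Not Found"})

def can_read(user, repo):
    """Public repos are readable by anyone, private ones only by listed readers."""
    return not repo.private or (user is not None and user in repo.readers)

def get_repo_leaky(user, owner, name):
    repo = REPOS.get((owner, name))
    if repo is None:
        return NOT_FOUND
    if not can_read(user, repo):
        # A 403 here confirms that owner/name exists.
        return (403, {"message": "Forbidden"})
    return (200, {"full_name": f"{owner}/{name}"})

def get_repo_uniform(user, owner, name):
    repo = REPOS.get((owner, name))
    # Missing and unreadable share one branch, so status and body are identical.
    if repo is None or not can_read(user, repo):
        return NOT_FOUND
    return (200, {"full_name": f"{owner}/{name}"})

def existence_leaks(handler, user, hidden, missing):
    """True if the handler's response for a hidden resource differs from a missing one."""
    return handler(user, *hidden) != handler(user, *missing)
```

A check like `existence_leaks` fits in a regression suite for any route whose path is guessable. It compares status and body only; it does not cover response-time differences between the two cases.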

this post was submitted on 22 Mar 2025
754 points (98.8% liked)
