474
The mist of the www (thelemmy.club)
submitted 2 weeks ago by NichEherVielleicht@feddit.org to c/programmer_humor@programming.dev
94 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] waigl@lemmy.world 64 points 2 weeks ago

Any further "helpful" information in that error message would be a security issue.

[-] smeg@feddit.uk 17 points 2 weeks ago

I am annoyed by (but respect) APIs that take it a level further and don't even give you a 403 to say you're unauthorised, they just give you a 404 because anything else would acknowledge that the resource you requested actually existed

[-] Pika@sh.itjust.works 12 points 2 weeks ago* (last edited 1 week ago)

I don't respect them because most instances a 403 is more than adequate for your security. The only time I agree with having a 404 over a 403 would be file-specific pathing, but realistically the entire file directory should be a 403 instead of a 404, And then if the user is authorized to access the resource(but it isn't there), then it gives a 404.

[-] qqq@lemmy.world 2 points 1 week ago

Yea, it doesn't matter too much in most instances, but there are times when it might, especially if the URL itself has some meaning embedded in it. For example if part of the path is a SHA sum of some content, which is fairly common, it might be bad to allow someone to determine if that resource exists

load more comments (2 replies)
load more comments (7 replies)
load more comments (9 replies)
this post was submitted on 10 Apr 2026
474 points (90.9% liked)

Programmer Humor

31092 readers
166 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev