[65] in WWW Security List Archive
Returned errors.
daemon@ATHENA.MIT.EDU (Darren Reed)
Thu Aug 18 07:40:47 1994
From: darrenr@arbld.unimelb.edu.au (Darren Reed)
To: www-security@ns1.rutgers.edu
Date: Thu, 18 Aug 1994 19:20:57 +1000 (EST)
On a separate issue to the GSS one, is there any requirement in the
HTTP protocol that the *real* path be returned in an error or failure
to access a document ?
It is quite reasonable that documents which are protected are meant to
remain this way and even disclosing the path to them may be of concern
and worry to people (if you're using NFS, that might give would-be
intruders a lead on which partitions are rw/ro and so on).
Darren
