On Monday 01 August 2011, Les Mikesell wrote:
> On 8/1/11 2:47 AM, Ulrich Eckhardt wrote:
>> On Saturday 30 July 2011, Les Mikesell wrote:
>>> From a security perspective it is a bad idea to tell a network client
>>> that is doing something you have explicitly denied any of the details
>>> of how the system is configured to prevent it.  Working correctly is
>>> usually a yes or no question and this answer is clearly 'no'.
>> 
>> Have you ever been laughing about "General Fault" messages issued by
>> early MS Windows systems? You are advocating them as reasonable from a
>> security perspective, which could be argued still. From a user
>> perspective though, they definitely suck, because they don't help you
>> solve the problem.
> 
> This wasn't an error message, it was an 'access denied' message and it was
> displayed because of the way the administrator had configured the system. 

The thing didn't do what I wanted it to do, which is an error. Further, it 
told me about it, which is a message. So this is what I and probably others 
call an error message. Are you really serious?


> So exactly how much good does it do you, as a user of some remote client to
> know that your access is denied because the filesystem is read-only to the
> server program, and what will you do differently than if you  just know
> your write was denied?

It makes a difference because it allows me to figure out if I did something 
wrong or not. Consider something is inherently read-only (e.g. a CDROM) or the 
server just failed to fulfill my request because it ran out of diskspace. 
Consider the opposite case where I am not authenticated (i.e. using a guest 
account) or I'm specifically not authorized to write something (missing 
permission).

In the first case, there is obviously nothing wrong (except perhaps an 
arguable misconfiguration) but the behaviour is intentional. In the second 
case, the server itself is going belly up because the disk is full, and I 
would alert the admins. In the third case, I see that I'm not properly 
authenticated and simply use my full account instead of the guest account. In 
the fourth case, I'll ask the project admin to give me write privileges in 
order to allow me to do my work.

Having error messages that convey information is important in any program, 
regardless of whether it is in a client-server setup or not. Note that users 
often don't even know whether something is client-server or not.


Uli
**************************************************************************************
Domino Laser GmbH, Fangdieckstraße 75a, 22547 Hamburg, Germany
Managing Director: Thorsten Föcking, Amtsgericht Hamburg HR B62 932
**************************************************************************************
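The two positions in the thread are not actually in conflict if the server separates the *category* of a failure (which the user needs in order to act) from the *configuration detail* behind it (which the admin needs and the remote client does not). The following is an added example, not code from the thread or from any project discussed in it; the category names, the `Reply` type and the in-memory `server_log` are assumptions made for the example. It distinguishes the four cases Uli lists (intentionally read-only storage, a full disk, an unauthenticated caller, an authenticated but unauthorized caller) while keeping paths and errno values on the server side, linked to the client reply only by a correlation id.

```python
"""Client-safe error categories for a server-side write (constructed example).

Access-control outcomes are decided by the server before storage is touched,
so they are reported as such. Storage failures are mapped to a stable category
the client can act on; the path and errno stay in the server log, keyed by a
correlation id the user can quote to an administrator.
"""
import errno
import uuid
from dataclasses import dataclass
from typing import Callable, Optional

# Category identifiers (assumed names, not from the original thread).
OK = "ok"
READ_ONLY = "read-only"
OUT_OF_SPACE = "out-of-space"
UNAUTHENTICATED = "unauthenticated"
FORBIDDEN = "forbidden"
INTERNAL = "internal-error"

# Generic client-facing wording: no paths, no mount options, no account names.
CLIENT_TEXT = {
    OK: "Write accepted.",
    READ_ONLY: "This location does not accept writes.",
    OUT_OF_SPACE: "The server cannot store your change right now; please notify an administrator.",
    UNAUTHENTICATED: "Writing requires a logged-in account.",
    FORBIDDEN: "Your account is not permitted to write here.",
    INTERNAL: "The server could not complete the request; please quote the reference to an administrator.",
}


@dataclass
class Reply:
    category: str               # what the user should do differently
    message: str                # safe to show to a remote client
    correlation: Optional[str]  # matches a server-log line; None on success


server_log: list[str] = []      # stand-in for the real server log


def _storage_category(exc: OSError) -> str:
    """Map a filesystem error to a client category."""
    if exc.errno == errno.EROFS:
        return READ_ONLY          # intentional: read-only medium or mount
    if exc.errno == errno.ENOSPC:
        return OUT_OF_SPACE       # server-side problem worth escalating
    # EACCES/EPERM here means the server *process* lacks rights, i.e. a
    # server-side misconfiguration. The client is not told how the server's
    # filesystem is set up; it gets a reference id for the admin instead.
    return INTERNAL


def _reply(category: str, detail: str) -> Reply:
    """Log the detailed reason server-side and hand the client only the category."""
    cid = uuid.uuid4().hex[:12]
    server_log.append(f"{cid} {category}: {detail}")
    return Reply(category, CLIENT_TEXT[category], cid)


def handle_write(user: Optional[str], allowed_writers: set,
                 do_write: Callable[[], None], path: str) -> Reply:
    """Authenticate, authorize, then attempt the write; classify any failure."""
    if user is None:
        return _reply(UNAUTHENTICATED, f"anonymous write to {path!r} refused")
    if user not in allowed_writers:
        return _reply(FORBIDDEN, f"user {user!r} is not a writer for {path!r}")
    try:
        do_write()
    except OSError as exc:
        return _reply(_storage_category(exc),
                      f"write to {path!r} by {user!r} failed: errno={exc.errno} ({exc.strerror})")
    return Reply(OK, CLIENT_TEXT[OK], None)


def failing_write(err_number: int) -> Callable[[], None]:
    """Return a write callback that simulates a filesystem failure (constructed input)."""
    def _fail() -> None:
        raise OSError(err_number, "simulated")
    return _fail


def demo() -> dict:
    """Run the four scenarios from the thread plus a server-side EACCES; return categories."""
    writers = {"uli"}
    path = "/srv/repo/trunk/main.c"    # constructed path; never reaches the client
    return {
        "guest": handle_write(None, writers, lambda: None, path).category,
        "no-privilege": handle_write("bob", writers, lambda: None, path).category,
        "cdrom": handle_write("uli", writers, failing_write(errno.EROFS), path).category,
        "disk-full": handle_write("uli", writers, failing_write(errno.ENOSPC), path).category,
        "server-misconfigured": handle_write("uli", writers, failing_write(errno.EACCES), path).category,
        "success": handle_write("uli", writers, lambda: None, path).category,
    }


if __name__ == "__main__":
    for scenario, category in demo().items():
        print(f"{scenario:>22}: {category}")
    print("\nserver log (never sent to the client):")
    print("\n".join(server_log))
```

The point of the split is that the client sees only `Reply.message` and `Reply.correlation`: a guest learns to log in, a logged-in user without rights learns to ask the project admin, and a full disk or a server process that cannot write its own storage produces a reference id rather than a description of the server's mounts or permissions.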