On 8/1/11 8:30 AM, Ulrich Eckhardt wrote:
> On Monday 01 August 2011, Les Mikesell wrote:
>> On 8/1/11 2:47 AM, Ulrich Eckhardt wrote:
>>> On Saturday 30 July 2011, Les Mikesell wrote:
>>>> From a security perspective it is a bad idea to tell a network client
>>>> that is doing something you have explicitly denied any of the details
>>>> of how the system is configured to prevent it. Working correctly is
>>>> usually a yes or no question and this answer is clearly 'no'.
>>>
>>> Have you ever been laughing about "General Fault" messages issued by
>>> early MS Windows systems? You are advocating them as reasonable from a
>>> security perspective, which could be argued still. From a user
>>> perspective though, they definitely suck, because they don't help you
>>> solve the problem.
>>
>> This wasn't an error message, it was an 'access denied' message and it was
>> displayed because of the way the administrator had configured the system.
>
> The thing didn't do what I wanted it to do, which is an error. Further, it
> told me about it, which is a message. So this is what I and probably others
> call an error message. Are you really serious?

No, it is not an error for the system to deny write access when the server has
been explicitly configured to only have read access. In this particular case,
it was an error on the admin's part, but that is irrelevant to the user/client.
The system was working correctly as configured.

>> So exactly how much good does it do you, as a user of some remote client to
>> know that your access is denied because the filesystem is read-only to the
>> server program, and what will you do differently than if you just know
>> your write was denied?
>
> It makes a difference because it allows me to figure out if I did something
> wrong or not. Consider something is inherently read-only (e.g. a CDROM) or the
> server just failed to fulfill my request because it ran out of disk space.
> Consider the opposite case where I am not authenticated (i.e. using a guest
> account) or I'm specifically not authorized to write something (missing
> permission).

This was clearly a 'not authorized to write' message.

--
Les Mikesell
lesmikes...@gmail.com