404 used when 403 should be used? was: Re: [MKDoc-dev] [BUG] 1.8 user
admin interface 500 errors
Chris Croome
chris at webarchitects.co.uk
Wed Dec 8 15:57:14 GMT 2004
Hi
Thinking about it some more I think the way 404's are used to indicate
that someone is not logged on is just wrong.
For example if you are logged on as a editor then this URI returns a
document properties form:
http://www.mkdoc.org/.admin.properties
If you are not logged in it is a 404 and if you are logged in with the
admin account it is also a 404.
If you try to access the page directly using lynx with a username and
passwd it is also a 404:
lynx -auth=chris:foobar http://www.mkdoc.org/.admin.properties
But if you first login here:
http://www.mkdoc.org/.login.html?redirect=http%3A%2F%2Fwww.mkdoc.org%2F
And then use 'g' and past in the URI it works OK.
This is all a bit odd -- I think it need work!
Chris
On Fri 05-Nov-2004 at 04:16:54 +0000, Chris Croome wrote:
>
> On Fri 05-Nov-2004 at 04:02:43PM +0000, Chris Croome wrote:
> >
> > If you are not logged is as an admin user then these addresses
> > should be 403's (or perhaps 404's to be consistent with the odd
> > way that this is done elsewhere...):
> >
> > /.admin.userlist
> > /.admin.userinsert
> > /.admin.audiencelist
> > /.admin.audienceinsert
>
> Of course these pages have the same errors also:
>
> /.admin.usermodify?id=2
> /.admin.userdelete?id=2
> /.admin.audiencemodify?id=1
> /.admin.audiencedelete?id=1
--
Chris Croome <chris at webarchitects.co.uk>
web design http://www.webarchitects.co.uk/
web content management http://mkdoc.com/
More information about the MKDoc-dev
mailing list