Roundup Tracker - Issues

Message6875

Author rouilj
Recipients rouilj, schlatterbeck
Date 2020-02-13.01:05:03
Message-id <1581555904.2.0.474850834916.issue2551051@roundup.psfhosted.org>
In-reply-to
Hi Ralf:

I made the claim in other tickets that a user shouldn't be able to
discover the schema by probing it. I am not sure that's a valid
claim. I think different return codes for does not exist vs. doesn't
have access could be helpful.

For example a different code returned for the use of the alternate
spelling of organization (that didn't exist in the schema) for
organisation (that the users did have access to) in the roundup
issue tracker would have led to solving the issue more quickly.

However returning 403 in both cases is sufficient for me to close this
issue.

Thanks for the fix.

-- rouilj
History
Date                 User    Action  Args
2020-02-13 01:05:04  rouilj  set     messageid: <1581555904.2.0.474850834916.issue2551051@roundup.psfhosted.org>
2020-02-13 01:05:04  rouilj  set     recipients: + rouilj, schlatterbeck
2020-02-13 01:05:04  rouilj  link    issue2551051 messages
2020-02-13 01:05:03  rouilj  create