A thought regarding some slight mitigation of someone trying to get at a resource they don't have access to is to say there is no resource. Has anyone else implemented this, or do you just always return forbidden for everything the user does not have privileges for?
In some cases, yes: say not enough privileges if it is OK for them to go get the right privileges for said resource and then come back and retry.
But sometimes I'm thinking, well, this user should never be able to get this resource, like the wrong 3rd party contractor, so just go away, that resource does not exist (for you).
It is nonsense, based on the assumption that if access is forbidden, the attacker "hence" knows the item is there and it "probably" can be read one way or the other - and that is the nonsense, unless you keep your secrets in the filename, and not the file itself.
So, you're trading this tiny advantage for some serious trouble in debugging; can it find the file, or is it just acting like it can't find it?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
Basically, good security is when you tell nothing to the user. Just as you do not tell someone who tries to break into your site which part of the identification was wrong, you do not tell anything about resources to someone who is not authorized to make such a request in the first place... Bang him with 403; if one is legitimate, one will contact you the proper way to ask for what one wants...
Skipper: We'll fix it. Alex: Fix it? How you gonna fix this? Skipper: Grit, spit and a whole lotta duct tape.
That diet is the best ever, orzo they would have you believe.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
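An added example, not code from any poster in the thread: one way to combine the positions above, answering 403 where the user may ask for access, 404 where the resource should not exist for them, and recording the real decision server-side so debugging can still tell "missing" from "hidden". The names `Resource`, `RESOURCES`, `fetch` and the `requestable` flag are hypothetical, and the sample data is constructed.

```python
import logging
import uuid
from dataclasses import dataclass

# Server-side audit channel; nothing written here is sent to the client.
audit = logging.getLogger("authz.audit")

@dataclass
class Resource:
    owner_group: str
    requestable: bool  # True: outsiders may ask for access, so a 403 helps them
    body: str = ""

# Constructed sample data.
RESOURCES = {
    "wiki/handbook": Resource("staff", requestable=True, body="handbook"),
    "contracts/vendor-a": Resource("vendor-a", requestable=False, body="terms"),
}

def fetch(user_groups, path, audit_log=None):
    """Return (status, body, request_id); the true decision goes to the audit log."""
    request_id = uuid.uuid4().hex[:8]  # lets support match a client report to a log line
    res = RESOURCES.get(path)
    if res is None:
        decision, status, body = "missing", 404, "Not Found"
    elif res.owner_group in user_groups:
        decision, status, body = "allowed", 200, res.body
    elif res.requestable:
        decision, status, body = "forbidden", 403, "Forbidden"
    else:
        # Same status and body as a path that does not exist.
        decision, status, body = "hidden", 404, "Not Found"
    record = {"request_id": request_id, "path": path, "decision": decision}
    audit.info("authz %s", record)
    if audit_log is not None:  # optional in-memory sink, used here for inspection
        audit_log.append(record)
    return status, body, request_id
```

For the hidden and missing cases to stay indistinguishable, response headers and timing have to match as well as the status and body.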