A thought regarding some slight mitigation of someone trying to get at a resource they don't have access to is to say there is no resource. Has anyone else implemented this, or do you just always return forbidden for everything the user does not have privileges for?
In some cases yes, say not enough privileges, if said resource is OK for them to go get the right privileges and then come back and retry.
But sometimes I'm thinking, well, this user should never be able to get this resource, like the wrong 3rd party contractor, so just go away, that resource does not exist (for you).
It is nonsense, based on the assumption that if access is forbidden and the attacker "hence" knows the item is there and "probably" can be read one way or the other - and that is the nonsense, unless you keep your secrets in the filename, and not the file itself.
So, you're trading this tiny advantage for some serious trouble in debugging; can it find the file, or is it just acting like it can't find it?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
Basically, good security is when you tell nothing to the user. Just as you do not tell one who tries to break into your site which part of the identification was wrong, in the same way you do not tell someone anything about resources when they are not authorized to make such a request in the first place... Bang him with 403; if one is legitimate, one will contact the proper way to ask for what one wants...
Skipper: We'll fix it. Alex: Fix it? How you gonna fix this? Skipper: Grit, spit and a whole lotta duct tape.
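An added example, not part of any post in this thread: one way to combine the positions above is to return 404 to principals who should never learn a resource exists, 403 to those who may request access, and record the real reason in a server-side audit log so debugging does not depend on the client-visible status. The resource table, user names and reason strings are constructed for illustration.

```python
import logging
from dataclasses import dataclass

# Server-side only: the true decision is recorded here, never sent to the client.
audit = logging.getLogger("authz.audit")


@dataclass(frozen=True)
class Resource:
    readers: frozenset      # principals allowed to read
    may_request: frozenset  # principals allowed to know it exists and ask for access


# Constructed sample data (hypothetical paths and users).
RESOURCES = {
    "/reports/q3": Resource(readers=frozenset({"alice"}),
                            may_request=frozenset({"bob"})),
}


def decide(user, path):
    """Return (client_status, internal_reason) for a read request."""
    res = RESOURCES.get(path)
    if res is None:
        status, reason = 404, "not_found"
    elif user in res.readers:
        status, reason = 200, "allowed"
    elif user in res.may_request:
        # User can fix this by obtaining privileges, so say so.
        status, reason = 403, "forbidden_may_request"
    else:
        # User should never see this resource: look identical to a missing one.
        status, reason = 404, "hidden_from_principal"
    audit.info("user=%s path=%s status=%d reason=%s", user, path, status, reason)
    return status, reason


def client_response(user, path):
    """What the caller actually sees: status and a generic body, no reason."""
    status, _ = decide(user, path)
    return status, {200: "OK", 403: "Forbidden", 404: "Not Found"}[status]
```

The hidden and missing cases must also match in headers, body length and timing, otherwise the distinction leaks through a side channel.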
That diet is the best ever, orzo they would have you believe.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
Stock value is such a bogus thing. The 1.3 loss is of its potential dollar value. It is not worth nothing until sold.
As soon as you have converted your dollars to stocks, you have 0 dollars and only the potential of the stocks.
Hell, you can be frozen out of selling stocks for a year. So for a year you have changed 100 dollars into 0 dollars, with the hope that in 1 year's time the potential sell value of the stock is higher than when you traded.
Hell, most paper notes are worthless, they just say the bank will honor the 10.
Those banks in Italy using Parmesan cheese as collateral have the right idea. You go bust, we still have a good chance of selling the cheese. But stock, or even building value, nah.