Dang page when accessing URL that requires a login?


Dang page when accessing URL that requires a login?

by Kevin Nehls

Here are a couple threads talking about this
http://gallery.menalto.com/node/91434
http://gallery.menalto.com/node/91409

Basically, if you set permissions such that it requires people to log in, and send a URL to a sub-album out to people, they get a dang page instead of a login page.  When I recreate this I see this error in my G3 logs:
2009-09-26 05:43:59 -07:00 --- error: Uncaught Exception: @todo FORBIDDEN in file modules/gallery/helpers/access.php on line 189

So we know it's "FORBIDDEN", could we redirect to a login page?  I think that would be much more friendly.  However, if we have a separate 404 page for pages that don't exist, then this is revealing some information.  People could deduce that if I get a login page, that album exists, but if I get a 404 page it doesn't exist.

Personally, myself, I'd like to see us err on the side of usability here and display a login page for "FORBIDDEN" pages.  I've used many websites and applications that behave this way.  You can send out a valid URL and if it requires authentication, you get a login prompt.  IMO, it's much more friendly than to not even acknowledge that the page exists until after someone logs in.

Kevin


------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
__[ g a l l e r y - d e v e l ]_________________________

[ list info/archive --> http://gallery.sf.net/lists.php ]
[ gallery info/FAQ/download --> http://gallery.sf.net ]

Re: Dang page when accessing URL that requires a login?

by Bharat Mediratta

Kevin Nehls wrote:

> Here are a couple threads talking about this
> http://gallery.menalto.com/node/91434
> http://gallery.menalto.com/node/91409
>
> Basically, if you set permissions such that it requires people to log in,
> and send a URL to a sub-album out to people, they get a dang page instead
> of a login page.  When I recreate this I see this error in my G3 logs:
> 2009-09-26 05:43:59 -07:00 --- error: Uncaught Exception: @todo
> FORBIDDEN in file modules/gallery/helpers/access.php on line 189
>
> So we know it's "FORBIDDEN", could we redirect to a login page?  I think
> that would be much more friendly.  However, if we have a separate 404
> page for pages that don't exist, then this is revealing some
> information.  People could deduce that if I get a login page, that album
> exists, but if I get a 404 page it doesn't exist.
>
> Personally, myself, I'd like to see us err on the side of usability
> here and display a login page for "FORBIDDEN" pages.  I've used many
> websites and applications that behave this way.  You can send out a
> valid URL and if it requires authentication, you get a login prompt.  
> IMO, it's much more friendly than to not even acknowledge that the page
> exists until after someone logs in.

I'm happy to see us put up a login page if the user requests a page that
doesn't exist.  As you say, to avoid leaking sensitive information we'll
have to do this for *all* 404 pages.  We have enough information to make
this work, imo.  Is there a ticket filed for it?

-Bharat
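
The trade-off discussed in this thread, as an added example that is not Gallery 3 code and not part of any message: a handler that shows the login page only for albums that exist, next to one that answers missing and forbidden paths identically. The album table, function names, the `/login?continue=` URL and the choice of a plain 404 for logged-in users without access are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import quote

# Constructed sample data: album path -> users allowed to view ("*" = public).
ALBUMS = {
    "/": {"*"},
    "/family": {"kevin", "dave"},
    "/family/2009": {"kevin"},
}

@dataclass(frozen=True)
class Response:
    status: int
    location: str = ""
    body: str = ""

NOT_FOUND = Response(404, body="Page not found")

def can_view(path, user):
    acl = ALBUMS.get(path)
    return acl is not None and ("*" in acl or user in acl)

def login_redirect(path):
    # Only the echoed return path varies between two redirects.
    return Response(302, location="/login?continue=" + quote(path, safe=""))

def leaky(path, user=None):
    """Login page only for albums that exist: the response reveals existence."""
    if path not in ALBUMS:
        return NOT_FOUND
    if can_view(path, user):
        return Response(200, body="album " + path)
    return login_redirect(path) if user is None else Response(403, body="Forbidden")

def uniform(path, user=None):
    """Missing and forbidden are one outcome; only the login state matters."""
    if can_view(path, user):
        return Response(200, body="album " + path)
    return login_redirect(path) if user is None else NOT_FOUND

def distinguishable(handler, existing, missing, user=None):
    """True if the two responses differ in anything but the echoed path."""
    def shape(resp, path):
        return (resp.status, resp.location.replace(quote(path, safe=""), ""), resp.body)
    return shape(handler(existing, user), existing) != shape(handler(missing, user), missing)
```
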


Re: Dang page when accessing URL that requires a login?

by floridave

Yes there is a ticket:
https://sourceforge.net/apps/trac/gallery/ticket/603

Dave

At 01:36 PM 9/27/2009, Bharat Mediratta wrote:
>I'm happy to see us put up a login page if the user requests a page that
>doesn't exist.  As you say, to avoid leaking sensitive information we'll
>have to do this for *all* 404 pages.  We have enough information to make
>this work, imo.  Is there a ticket filed for it?

