411 vs. 502 for permission denied reading groups

Jeffrey M. Vinocur jeff at litech.org
Sat Oct 2 04:30:03 UTC 2004


On Fri, 1 Oct 2004, Russ Allbery wrote:

>     Instead, if the user is not authenticated, return 480, and if the user
>     is authenticated, return 502.  This means that a user can determine
>     that a group exists by probing for it and seeing if they get 411 or
>     502, but the protocol is cleaner.

I think, in net, this is a good change.  I've certainly seen problems in 
practice with there simply being no way to implement a desired 
"newsreading experience" with the previous behavior.


I did just come up with a slightly crazy idea that might be a further
benefit and not impossible to implement...

What if we add a readers.conf access block parameter to specify a list of 
groups that should always be treated as "not found" regardless of whether 
they exist?  Or alternatively, a boolean parameter as to whether to use 
the new behavior or the old behavior.

In either case, server admins who really don't want to expose that
information (perhaps someone using the virtualhost functionality who wants
the server to really appear to be standalone) don't have to.


-- 
Jeffrey M. Vinocur
jeff at litech.org
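
The response-code selection discussed in this thread, as an added example that is not part of the original message or INN's code. The struct fields `legacy_411` and `hidden` are hypothetical stand-ins for the two proposed readers.conf options, and the old behavior is assumed to be 411 for unreadable groups, as the subject line suggests.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* NNTP response codes named in the thread. */
enum { NNTP_NO_SUCH_GROUP = 411, NNTP_AUTH_REQUIRED = 480, NNTP_DENIED = 502 };

/* Hypothetical per-access-block settings; neither field is a real
 * readers.conf parameter. They model the two options proposed above. */
struct access_block {
    bool legacy_411;            /* boolean option: keep the old behavior */
    const char *const *hidden;  /* list option: groups always "not found" */
    size_t nhidden;
};

/* Exact-name match only; pattern matching is out of scope here. */
static bool is_hidden(const struct access_block *ab, const char *group)
{
    for (size_t i = 0; i < ab->nhidden; i++)
        if (strcmp(ab->hidden[i], group) == 0)
            return true;
    return false;
}

/* Code to send when a client selects `group`; 0 means the request
 * proceeds normally and the caller sends its usual success response. */
int group_response(const struct access_block *ab, const char *group,
                   bool exists, bool may_read, bool authenticated)
{
    if (!exists || is_hidden(ab, group))
        return NNTP_NO_SUCH_GROUP;   /* hidden wins even if readable */
    if (may_read)
        return 0;
    if (ab->legacy_411)
        return NNTP_NO_SUCH_GROUP;   /* assumed old behavior */
    return authenticated ? NNTP_DENIED : NNTP_AUTH_REQUIRED;
}

/* True if a client without read access can tell an existing group from
 * a nonexistent one by response code alone. */
bool leaks_existence(const struct access_block *ab, const char *group,
                     bool authenticated)
{
    return group_response(ab, group, true, false, authenticated)
        != group_response(ab, group, false, false, authenticated);
}
```

An admin-side check like `leaks_existence` makes the trade-off explicit: the new 480/502 behavior distinguishes existing groups, while either proposed option restores a uniform 411.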

