411 vs. 502 for permission denied reading groups
rra at stanford.edu
Sat Oct 2 05:58:24 UTC 2004
Jeffrey M Vinocur <jeff at litech.org> writes:
> On Fri, 1 Oct 2004, Russ Allbery wrote:

>> Instead, if the user is not authenticated, return 480, and if the
>> user is authenticated, return 502. This means that a user can
>> determine that a group exists by probing for it and seeing if they
>> get 411 or 502, but the protocol is cleaner.

> I think, in net, this is a good change. I've certainly seen problems in
> practice with there simply being no way to implement a desired
> "newsreading experience" with the previous behavior.

Yeah, Mark Crispin had run into serious problems there, to the point where
he's just given up on trying to do reactive authentication in a client.

> I did just come up with a slightly crazy idea that might be a further
> benefit and not impossible to implement...

> What if we add a readers.conf access block parameter to specify a list
> of groups that should always be treated as "not found" regardless of
> whether they exist? Or alternatively, a boolean parameter as to whether
> to use the new behavior or the old behavior.

I think I like the former idea better than the latter, as it fits in very
well with the existing read: and post: keys. We can add a hide: key that,
for that particular access block, means that those newsgroups should be
treated as if they don't exist. We'd have to define the precedence should
something occur in hide: as well as read: and post:, but that's doable.
I think that's a very good idea.

Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
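
Added example, not part of the original message and not INN code: a small C model of the response-code choice discussed above (411, 480, 502) together with the proposed hide: key, showing when a GROUP probe discloses that a group exists. The struct, the function names, the use of fnmatch() in place of INN's wildmat, and the rule that hide: wins over read: are all assumptions; the thread leaves precedence undefined.

```c
#include <fnmatch.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical access block; "hide" is the key proposed in the thread. */
struct access_block {
    const char *read;  /* comma-separated patterns the user may read */
    const char *hide;  /* patterns reported as nonexistent, or NULL */
};

/* True if group matches any pattern in list. fnmatch() stands in for
   INN's wildmat (assumption); negated (!) patterns are not modelled. */
static bool matches(const char *list, const char *group)
{
    char buf[256];
    if (list == NULL) return false;
    snprintf(buf, sizeof(buf), "%s", list);
    for (char *p = strtok(buf, ","); p != NULL; p = strtok(NULL, ","))
        if (fnmatch(p, group, 0) == 0)
            return true;
    return false;
}

/* Response code for GROUP. Assumption: hide: takes precedence over read:. */
int group_response(const struct access_block *ab, bool exists,
                   bool authenticated, const char *group)
{
    if (!exists || matches(ab->hide, group))
        return 411;                     /* same answer as a missing group */
    if (matches(ab->read, group))
        return 211;                     /* group selected */
    return authenticated ? 502 : 480;   /* denied vs. authenticate first */
}

/* True if a client can tell from the code alone that the group exists. */
bool probe_reveals_existence(const struct access_block *ab,
                             bool authenticated, const char *group)
{
    return group_response(ab, true, authenticated, group)
        != group_response(ab, false, authenticated, group);
}

int main(void)
{
    struct access_block ab = { "comp.*", "local.priv.*" };  /* constructed */
    printf("%d %d\n", group_response(&ab, true, true, "local.staff"),
           group_response(&ab, true, true, "local.priv.hr"));
}
```

In this model an unreadable group that is not listed in hide: is distinguishable from a missing one for both authenticated (502) and unauthenticated (480) clients; only groups matched by hide: give the same 411 as a group that does not exist.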