I ran across a response page to a user at my customer site and decided it was worth writing a post about. Have a look:
Does anyone else see a problem with that message? While it may be important that a user knows why they were denied access to a particular web site, in this case http://guns.com, it’s equally important that unnecessary information not be exposed to the user. In this case I can now tell that Websense is the web filtering solution that is being used. You may be asking yourself: “Why does this matter?” While knowing the filtering solution is meaningless to the majority of your user community, those who are attempting to get around your security measures will find this information most helpful.
Moral of the post? If it’s not necessary to display some information then it’s probably best to not display it. Especially on an error/deny message…
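One way to check your own deny page for this kind of leak, as an added example that is not part of the original post: the script scans a block response's headers and raw markup for product names, versioned banners and internal addresses. The token list, the sample response and the choice of headers to check are constructed assumptions; only "Websense" comes from the post.

```python
import re

# Assumption: names your own deployment could reveal. "Websense" is the product
# named in the post; "examplefilter" is a constructed placeholder.
PRODUCT_TOKENS = ["websense", "examplefilter"]
# Response headers that commonly carry a product/version banner.
BANNER_HEADERS = {"server", "via", "x-powered-by"}
# RFC 1918 private IPv4 addresses (10/8, 172.16/12, 192.168/16).
INTERNAL_IP = re.compile(
    r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b")

def audit_deny_page(headers, body):
    """Return sorted (kind, location, matched_text) findings for one deny response."""
    findings = set()
    # Scan the raw markup, not just the visible text: comments and asset
    # paths are one "view source" away from the user.
    sources = [("body", body)] + [(f"header:{k}", v) for k, v in headers.items()]
    for where, value in sources:
        for token in PRODUCT_TOKENS:
            if token in value.lower():
                findings.add(("product", where, token))
        for match in INTERNAL_IP.finditer(value):
            findings.add(("internal_ip", where, match.group(0)))
    for name, value in headers.items():
        # A "Name/1.2" style value in a banner header discloses product and version.
        if name.lower() in BANNER_HEADERS and re.search(r"/\d", value):
            findings.add(("banner", f"header:{name}", value))
    return sorted(findings)

# Constructed sample of a leaky deny response (not captured from a real product).
SAMPLE_HEADERS = {"Content-Type": "text/html", "Server": "ExampleFilter/7.1"}
SAMPLE_BODY = """<html><!-- Websense block page template -->
<body><h1>Access denied</h1>
<p>Category: Weapons. Blocked by policy server 10.20.30.40.</p>
<img src="/websense/logo.gif"></body></html>"""

# Constructed generic replacement: states the reason and a contact, nothing else.
GENERIC_BODY = """<html><body><h1>Access denied</h1>
<p>This site is blocked by company policy (category: Weapons).
Contact the help desk if you need access.</p></body></html>"""

if __name__ == "__main__":
    for finding in audit_deny_page(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
    print(audit_deny_page({"Content-Type": "text/html"}, GENERIC_BODY))
```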




Kim Cameron's Identity Weblog
Wed, Oct 1, 2008
Security