Posted October 1, 2008 and filed under Security

I ran across a response page to a user at my customer site and decided it was worth writing a post about.  Have a look:

[Image: the response page shown to the user]

Does anyone else see a problem with that message?  While it may be important that a user knows why they were denied access to a particular web site, in this case http://guns.com, it’s equally important that unnecessary information not be exposed to the user.  In this case I can now tell that Websense is the web filtering solution that is being used.  You may be asking yourself: “Why does this matter?”  While knowing the filtering solution is meaningless to the majority of your user community, those who are attempting to get around your security measures will find this information most helpful.

Moral of the post?  If it’s not necessary to display some information, then it’s probably best not to display it.  Especially on an error/deny message…
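One way to check your own deny page for this kind of leak before users see it, as an added example that is not part of the original post. Websense is the product named above; the other watchlist entries, the `X-Filter` header and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed watchlist: "websense" comes from the post; add names from your own stack.
WATCHLIST = ["websense", "squid", "blue coat"]
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)+\b")  # three-part versions, e.g. 6.3.1

class _Collector(HTMLParser):
    """Collects (location, text) pairs from visible text, comments and attributes."""
    def __init__(self):
        super().__init__()
        self.items = []
    def handle_data(self, data):
        if data.strip():
            self.items.append(("body text", data.strip()))
    def handle_comment(self, data):
        # Comments are invisible in the browser but one "view source" away.
        self.items.append(("html comment", data.strip()))
    def handle_starttag(self, tag, attrs):
        # Logo file names and stylesheet paths often carry the vendor name.
        for name, value in attrs:
            if value:
                self.items.append((f"<{tag} {name}>", value))

def audit_deny_page(headers, html, watchlist=WATCHLIST):
    """Return sorted (location, finding) pairs for product names or version strings."""
    collector = _Collector()
    collector.feed(html)
    collector.close()
    items = [(f"header {k}", v) for k, v in headers.items()] + collector.items
    findings = set()
    for location, text in items:
        for name in watchlist:
            if name in text.lower():
                findings.add((location, f"product name '{name}'"))
        for match in VERSION_RE.finditer(text):
            findings.add((location, f"version string '{match.group()}'"))
    return sorted(findings)

# Constructed sample deny page (not the page from the screenshot).
SAMPLE_HEADERS = {"X-Filter": "websense", "Content-Type": "text/html"}
SAMPLE_HTML = """<html><head><title>Access denied</title></head><body>
<!-- generated by websense block page template 6.3.1 -->
<img src="/images/websense_logo.gif" alt="logo">
<p>Your organization's policy blocks this site. Category: Weapons.</p>
</body></html>"""

if __name__ == "__main__":
    for location, finding in audit_deny_page(SAMPLE_HEADERS, SAMPLE_HTML):
        print(f"{location}: {finding}")
```

The visible text of the sample is already clean; every finding comes from a header, a comment or an attribute, which is why a visual review of the deny page is not enough.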
