[OpenSPP-project] What is the correct behavior of DelDestGrpRqst when the targeted group does not e
From: Dean W. <dea...@so...> - 2011-08-23 23:45:35
Right now, I can run repeated delete group requests, specifying the same group, and always get the same code 1000 Overall Success response. This doesn't seem right. What should it do?

But it raises a question about a threat model. Suppose I attempt to delete a DestGrp that I should not be authorized to delete, or even see. If the response returns as "unauthorized", as opposed to "not found", do I now know about the existence of a DestGrp that I was only guessing existed? Is this a problem?

Always returning a "happy" response precludes the information leak, but it could cause other problems.

-- Dean
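Added example, not part of the original post and not OpenSPP code: a toy model of the three response policies the question implies, checking for each whether a non-owner's response differs between an existing and a missing group, and what the owner sees on a repeated delete. Only code 1000 comes from the post; the other codes, the `Registry` class, the policy names and the sample registrants are assumptions.

```python
# Illustrative model only. Code 1000 is quoted in the post; the other two
# codes are hypothetical placeholders, not real protocol values.
OK = 1000            # "Overall Success"
NOT_FOUND = 9001     # hypothetical placeholder
UNAUTHORIZED = 9002  # hypothetical placeholder


class Registry:
    def __init__(self, groups):
        # groups: destination group name -> owning registrant (constructed data)
        self.groups = dict(groups)

    def delete(self, caller, name, policy):
        owner = self.groups.get(name)
        if owner == caller:
            del self.groups[name]
            return OK
        # From here on the group is either absent or owned by someone else.
        if policy == "always_ok":
            return OK  # behaviour described in the post
        if policy == "distinct":
            return UNAUTHORIZED if owner is not None else NOT_FOUND
        if policy == "uniform":
            return NOT_FOUND  # same answer for "absent" and "not yours"
        raise ValueError(policy)


def leaks_existence(policy):
    """True if a non-owner gets different codes for an existing vs. absent group."""
    present = Registry({"grpA": "alice"})
    absent = Registry({})
    seen_present = present.delete("mallory", "grpA", policy)
    seen_absent = absent.delete("mallory", "grpA", policy)
    assert "grpA" in present.groups  # a non-owner never removes the group
    return seen_present != seen_absent


def repeat_delete_codes(policy):
    """Codes the legitimate owner sees when deleting the same group twice."""
    reg = Registry({"grpA": "alice"})
    return [reg.delete("alice", "grpA", policy) for _ in range(2)]


if __name__ == "__main__":
    for p in ("always_ok", "distinct", "uniform"):
        print(p, "leaks:", leaks_existence(p), "owner sees:", repeat_delete_codes(p))
```

The model compares response codes only; other observable differences between the two cases, such as response time, are outside what it checks.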