search

Azure / azure-storage-cpp

Microsoft Azure Storage Client Library for C++
http://azure.github.io/azure-storage-cpp
Apache License 2.0
131 stars 147 forks source link

How to distinguish among errors due to anoymous access? #397

Open yxiang92128 opened 3 years ago

yxiang92128 commented 3 years ago

We have observed that the SDK returns the same http code as 404 and the same error message as “The specified resource does not exist.” to the following three cases:

  1. List against a non-existing container with empty anonymous credential because that container is not there.
  2. List against a private container with empty anonymous credential because container is not enabled for anonymous access.
  3. List against an anonymous-blob-only container with empty anonymous credential because container level access is prohibited for anonymous user.

I wonder if at least for case 2 and 3, it should return HTTP code 403 instead?

Thanks,

Yang

Jinming-Hu commented 3 years ago

Both Case 2 and 3 are by design. So that malicious users cannot detect if a container exists.