Open eugene-davis opened 10 years ago
If a ID doesn't have the right privileges, it should not return information about things like the element type, this is potentially information leakage to an attacker.
Some exceptions already are breaking this rule, and should be fixed when found.
We may wish to provide error codes which map to more detailed errors, and have a debug setting which will output those errors.
If a ID doesn't have the right privileges, it should not return information about things like the element type, this is potentially information leakage to an attacker.