shuhaowu / projecto

[DEPRECATED] Projecto is a minimalistic open source project management system built using Flask and AngularJS.
https://getprojecto.com
Apache License 2.0
35 stars 7 forks

[SECURITY: minor] information leak with 403 response #53

Open shuhaowu opened 11 years ago

shuhaowu commented 11 years ago

If there's a project and someone tries to request it without permission, we currently return a 403. This is a security problem as it leaks the existence of the project/comment/post/whatever.

Should return a 404 instead.

shuhaowu commented 10 years ago

Additionally, there are things that return {status: "okay"} with a 200 where they should return 201.
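The behaviour requested in the two comments above, as an added example that is not Projecto's own code: a framework-free stand-in for the Flask views in which a missing project and a forbidden project produce the same 404 response, and creation answers 201. The names `PROJECTS`, `get_project`, `create_project` and the in-memory store are assumptions made for illustration.

```python
import json
import uuid

# Constructed sample data: project id -> record (hypothetical schema).
PROJECTS = {
    "p1": {"name": "Roadmap", "owner": "alice", "collaborators": {"bob"}},
}

# One shared response object, so status and body cannot drift apart
# between the "missing" and "forbidden" cases.
NOT_FOUND = (404, json.dumps({"error": "not found"}))


def _can_read(user, project):
    """True if the user is the owner or a collaborator of the project."""
    return user is not None and (
        user == project["owner"] or user in project["collaborators"]
    )


def get_project(user, project_id, projects=PROJECTS):
    """Return (status, body) for GET /projects/<project_id>."""
    project = projects.get(project_id)
    # Missing and forbidden take the same branch: a caller without access
    # sees an identical status code and body either way.
    if project is None or not _can_read(user, project):
        return NOT_FOUND
    return 200, json.dumps({"id": project_id, "name": project["name"]})


def create_project(user, name, projects=PROJECTS):
    """Return (status, body) for POST /projects."""
    if user is None:
        return 401, json.dumps({"error": "login required"})
    # Server-generated id, so creation cannot be used to probe existing ids.
    project_id = uuid.uuid4().hex
    projects[project_id] = {"name": name, "owner": user, "collaborators": set()}
    # A resource was created, so the status is 201 rather than 200.
    return 201, json.dumps({"status": "okay", "id": project_id})
```

In a Flask view the same shape is a single `abort(404)` reached from both conditions, with no separate 403 branch for resources the caller cannot see.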