What HTTP error code should I use for unauthorised access to a protected image?

Posted by Bala Clark on Stack Overflow See other posts from Stack Overflow or by Bala Clark
Published on 2011-01-06T09:46:55Z Indexed on 2011/01/06 9:53 UTC
Read the original article Hit count: 377

Filed under:

http

|

error-handling

I am writing a web application that has secure images uploaded by users. These images are only available to the owner when logged in. I am wondering what the best HTTP error code to throw in the case of unauthorised access? Would a 404 not found, or a 403 unauthorised be better?

I am leaning towards the 403, but would it be better to hide the fact that the resource exists to unauthorised users be better?

© Stack Overflow or respective owner

Related posts about http

the size of apt-get update lists is too big

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I ran a clean install to Ubuntu 12.04 and so far everything has been working well. I especially commend the Ubuntu team for this release. I only noticed that the size of repository update is now about ~13MB. Normally, it is about this size for the first time you run apt-get update after a clean install… >>> More
Cannot update, apt-get cannot fetch index files

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a fresh install of Ubuntu 11.10 from the iso 'ubuntu-11.10-desktop-amd64.iso'. I installed this in VMWare Fusion 4.1.1 running on OSX 10.7.3. When setting up the VM, I allowed easy install to take care of creating my user and installing VMWare tools. No problems during installation, everything… >>> More
Quantal: Broken apt-index, cant fix dependencies

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I can't seem to add/remove/update packages Ubuntu software update has a notice about partial upgrades but fails Seems to be similar to this problem $ sudo apt-get update Ign http://archive.ubuntu.com quantal InRelease Ign http://security.ubuntu.com precise-security InRelease Ign… >>> More
12.04: Apt-Get Update: failure to fetch; can't connect to any sources

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I realize there are dozens of "apt-get update: failure to fetch" questions (I read through all I could find), but my present circumstance is unique to 12.04 and it affects all sources; not just launchpad. Additionally, I've tried several different servers in Europe and the U.S. as well as the "main… >>> More
How can I remove the Translation entries in apt?

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
This is the output of aptitude update: Ign http://archive.canonical.com natty InRelease Ign http://extras.ubuntu.com natty InRelease Ign http://dl.google.com stable InRelease Ign http://security.ubuntu.com natty-security InRelease Hit http://deb.torproject.org natty InRelease Get:1 http://dl.google… >>> More

Related posts about error-handling

Good SQL error handling in Strored Procedure

as seen on Developer IT - Search for 'Developer IT'
When writing SQL procedures, it is really important to handle errors cautiously. Having that in mind will probably save your efforts, time and money. I have been working with MS-SQL 2000 and MS-SQL 2005 (I have not got the opportunity to work with MS-SQL 2008 yet) for many years now and I want to… >>> More
Error Handling Examples(C#)

as seen on DotNetBlocks - Search for 'DotNetBlocks'
“The purpose of reviewing the Error Handling code is to assure that the application fails safely under all possible error conditions, expected and unexpected. No sensitive information is presented to the user when an error occurs.” (OWASP, 2011) No Error Handling The absence of error… >>> More
Building an Error-Handling Mechanism

as seen on Internet.com - Search for 'Internet.com'
Are errors chasing away your visitors? Let Marc Plotz show you how to handle them effectively. ... >>> More
Building an Error-Handling Mechanism

as seen on Internet.com - Search for 'Internet.com'
Are errors chasing away your visitors? Let Marc Plotz show you how to handle them effectively. ... >>> More
Improving ANTLR DSL parse-error messages

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm working on a domain-specific language (DSL) for non-programmers. Non-programmers make a lot of grammar mistakes: they misspell keywords, they don't close parentheses, they don't terminate blocks, etc. I'm using ANTLR to generate my parser; it provides a nifty mechanism for handling RecognitionExceptions… >>> More