Question

附录一载有1、2、3、4、用户A的识别资料;只有2个。

If he tries to access Task #3, which is unauthorized, should I give 404 or just say he s not authorized? I get this idea from logins, whether the username is valid, I always just give a generic invalid username/password combination, to prevent the user from knowing if the user/resource exists
If he tries to access Task #5 non-existant should I give 404? or say resource not found in a generic page?

Answer 1

让我们说,你有一个网站,有几页的上网权利:

A general page, to which every one has an access.
A page which requires a logged in user, still access by a mass public.
An admin page, which can be accessed only by a small group of people.
A non existent page.

So for a visitor with no rights what I suggest is to use:
403 (No permissions) with 2.
404 (Does not exists) with 3, as no general user should ever come across any link to that page so it should as well be non existent for them.
And obviously 4, a non existent page, should always result in a 404 response.

Answer 2

如果使用者没有机会从事这项任务,那么他就知道这项任务存在,就使用403条。如果使用者甚至能够确定他没有获得、使用404项任务的存在。

试图获得一项不存在的任务,必然会导致404个对策。

您应始终在吉大港定居人士协会的回复中采用适当的地位法,因为它告诉浏览者,它应如何对待应对措施。如果将“未发现的资源”错误信息退回到《科索沃地位法》200条,浏览器就会认为,这一信息是用户要求的实际网页,而且可能为此敲响。如果你使用404条法典(即403条等),浏览器会知道,你寄回的那页实际上就是所要求的,因此,它知道,在浏览的历史上,它不会藏匿或进入URL。答复的载于上,仍然可以是一只冰层的超文本页面,其错误信息可以读到。

友情链接