I would like to seek the opinion from other developers/Core-Developers about the comments from enikanorov on the patch - https://review.openstack.org/#/c/85682/
I agree that from a Security POV giving away information is not a good idea - more so when dealing with login servers/authentication. Here in this bug, IMHO we are providing relevant information when there is a policy violation.
The user is an authenticated user and the error code is to inform that a particular operation is not permitted.
Please feel free to agree/disagree or correct me on this. Thank you.