Providing a wrong share address template generates error 500 instead of 404
Bug #396998 reported by
bgerlich
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu One Servers |
Triaged
|
Low
|
Philip Fibiger | ||
Bug Description
When requesting a share with an erroneous address, for example https:/
, omitting last chars is a common copy/paste mistake, the server answers with error 500, when it should give 404.
Revision history for this message
| Rick McBride (rmcbride) wrote | #1 |
| Changed in ubuntuone-client: | |
| assignee: | nobody → Philip Fibiger (pfibiger) |
| status: | New → Confirmed |
| status: | Confirmed → Triaged |
| affects: | ubuntuone-client → ubunet |
| Changed in ubunet: | |
| importance: | Undecided → Low |
| tags: | added: ops+ |
To post a comment you must log in.
Throwing "Denied" instead of "not found" for a mis-pasted url isn't very helpful to the pasting user.
However throwing "Denied" for every share address not specifically allowed for the user making the connection does prevent scanning for valid share IDs by an attacker, or at least make it much more difficult.
Perhaps our 500 template could be revised to suggest that mis-copied addresses could be one reason for the failed request?