what is better redirecting user from restricted area and not informing him what happend or telling him that its restricted?

Go To StackoverFlow.com

0

For example : user "is trying" to enter restricted area ( i.e. admin area on webpage ) , what is better kick him out from there without a single word or inform him that this is admin area and he is forbiden to enter.

2009-06-16 08:42
by red777


1

Let him know that its restricted. To do otherwise smacks of security thru obscurity, and will also hinder genuine users who cannot access the area because of some other reason (they've mistyped their password, for example). At least if you let them know 'This is a restricted area, access denied) then they can eliminate the possibility that they're visiting the wrong url, for example.

2009-06-16 08:50
by PaulJWilliams


1

If they shouldn't be accessing the page in the first place, and there is no legitimate way they could of got there I wouldn't bother with any courtesy messages.

Only reason you'd have one is for the benefit of legitimate users. No point being helpful to a potential attacker.

2009-06-16 09:00
by Jonathan Maddison


0

I usually clear his session and redirect him to the login page.

2009-06-16 08:44
by Sergio


0

He'll know by virtue of HTTP redirect codes (302, etc.) if he was interested, so you might as well tell him. And IE might also do it's annoying "click" "click" everytime you redirect the page.

2009-06-16 08:44
by Program.X


0

Depending on the technology you are using, this user will probably be automatically redirected to the login page and have a chance to identify himself as an administrator.

2009-06-16 08:45
by Gerrie Schenck


0

You could send back a 404 response as though the admin pages weren't there at all.

2009-06-16 08:45
by Greg Hewgill


0

If they're "trying" to enter, that means that they already know it's an admin area, therefore, simply deny the login. Better yet, protect the admin area so that they can't even "try" to login or get to that area at all (forbidden, IP Restricted, etc.)

2009-06-16 08:47
by Sev