[geeklog-devel] Geeklog and 404 Errors

Tom websitemaster at cogeco.net
Fri Jan 4 15:38:55 EST 2013 

>> we should at least think this through before we change it.

That's why I started this thread. ;-)

The only other thing I thought of is comment paging can be different per
user depending on what the comment page limit is set at. So a comment page 5
could display for one user but not another (like anonymous) if his comments
per page is set higher. This could create a situation if that user put a
link to page 5 on his website or whatever for someone to visit. This
situation isn't really too important in my opinion as I doubt it would
happen too often but  I thought I would bring it up.

I guess we have 2 main things to think about.  

1) If the id  of the item exists or not (staticpage, article, topic,
comment, etc) and if they have access to it or not. Right now the message
tells the user the item either doesn't exist or they do not have access.
Basically we are telling them it is a 404 or 403. The problem is when search
engines find these type of links they do not realize it is a 404 or 403 and
proceed to index the page. I still think we should set a 404 error and have
a general message (like how 404.php works) stating that the page doesn't
exist or that they may not have access and then point them to the home page
or search page. A 404 error gives them less information that a 403 error.

2) Going over the page limits for things like comments and topics. I think
this one is relatively straight forward and we should return a 404.

I also would want to add some logging for this just so you can find out who
is trying to find what non-existent page.

Tom




-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun
Sent: January-04-13 12:50 PM
To: Geeklog Development
Subject: Re: [geeklog-devel] Geeklog and 404 Errors

Rouslan Placella wrote:

> Dirk, that's physically missing pages you're talking about (e.g:
http://geeklog.net/nonexistent.php). For logically missing pages, Tom is
right about sending the 404 header from gl
(http://geeklog.net/article.php?id=nonexistent), the webserver won't send an
error, since the page does actually exist.

Right. I was only addressing the question about the 404.php - hadn't really
thought through the other aspect yet.

Geeklog already sends the proper HTTP status codes where appropriate (e.g.
403, 500), so sending a 404 when calling up an item that does not exist
sounds sensible.

I think the main reason why we're not doing it yet was the concern that it
may give away information. Strictly speaking, if you don't have the rights
to read an article, you should get a 403 but if it does not exist, you
should get a 404. In both cases, we currently redirect the user to the front
page so as not to give away the information "this article exists but you are
not allowed to read it".

Given that we're The Secure CMS, we should at least think this through
before we change it.

bye, Dirk


-- 
http://www.themobilepresenter.com/

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel

More information about the geeklog-devel mailing list