Ben Nadel
On User Experience (UX) Design, JavaScript, ColdFusion, Node.js, Life, and Love.
I am the chief technical officer at InVision App, Inc - a prototyping and collaboration platform for designers, built by designers. I also rock out in JavaScript and ColdFusion 24x7.
Meanwhile on Twitter
Loading latest tweet...
Ben Nadel at TechCrunch Disrupt (New York, NY) with: Aaron Foss

Alex Polo

Member since Aug 10, 2012

Recent Blog Comments By Alex Polo

  • Handling Forbidden RESTful Requests: 401 vs. 403 vs. 404

    Posted on Aug 19, 2012 at 10:10 PM

    @Ben, Probably I was not very clear but "Your username and/or password is incorrect" is what I meant. What does it tell to one about the underlying data? No more than that the credentials one has provided are incorrect. Isn't it the case when Sarah is trying to access Tricia's profile? Sa... read more »

  • Handling Forbidden RESTful Requests: 401 vs. 403 vs. 404

    Posted on Aug 18, 2012 at 9:50 PM

    @Ben, Sure, so why you choose 404 over 401? Is there any particular reason? I just think that 401 makes more sense and is more appropriate in this situation, isn't it? As an example, when you log in to a web site and accidentally has entered wrong credentials, most of the sites will notify you that... read more »

  • Handling Forbidden RESTful Requests: 401 vs. 403 vs. 404

    Posted on Aug 10, 2012 at 3:49 AM

    Hi Ben! Why not return 401 in both cases: whether the user exists or not? That way no clue would be leaked to the hacker, too.¬†401 simply says you don't have the right to do what you want (i.e. because you're not the person who this resource may belong to).¬†Whereas, 404 says we just don't have what ... read more »