You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@flagon.apache.org by "Rob Foley (JIRA)" <ji...@apache.org> on 2019/06/10 16:59:00 UTC

[jira] [Commented] (FLAGON-296) UserALE should be able to detect if there is Restricted Content

    [ https://issues.apache.org/jira/browse/FLAGON-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16860153#comment-16860153 ] 

Rob Foley commented on FLAGON-296:
----------------------------------

This may be difficult/not plausible. A server might just return a 403 (not authorized), a 404 (pretend it doesn't exist), or ask for authorization. I don't know if we can detect the third. Moreover, it would likely be impossible to detect content that the user _is_ authorized to access, as we have no idea if the server checked some cookie (like a login/session token), unless we just assume that everything they see is something they can access.

> UserALE should be able to detect if there is Restricted Content
> ---------------------------------------------------------------
>
>                 Key: FLAGON-296
>                 URL: https://issues.apache.org/jira/browse/FLAGON-296
>             Project: Flagon
>          Issue Type: New Feature
>          Components: UserALE.js
>            Reporter: Joshua Poore
>            Priority: Major
>             Fix For: UserALE.js 2.4.0
>
>
> For both security purposes and forensic purposes it would be useful to note if there is restricted content on the page.
>  
> Restricted Content = Anything behind a password
>  
> Helps with filtering, prevention of content extraction, and logging



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)