Unless "table does not exist" does take precisely the same time as “access denie... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		lixtra on Sept 10, 2021 \| parent \| context \| favorite \| on: Problems with Oracle SQL Unless "table does not exist" does take precisely the same time as “access denied” you still leak the same information by replacing the latter. For logged in users I would prefer logging with explicit error messages. Like that you can tell if someone is poking around or was hacked. And still get clear error messages.

uberman on Sept 10, 2021 [–]

Sure, if "table does not exist" actually means that, which it does not. It means you have no access to such a table if it exists or not

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact