Hiding other project

Added by Martin Delille over 11 years ago

Hi,

I'm using redmine for my small company project management.
I work for different customers on different project.
For confidentiality purpose, I would like to prevent the customer to know which project are hosted on my site. The private project settings is great.
I would like to add a step in the privacy.
Supposing that I'm connecting with a user that has no access to MyProject1 and I try to access http://redmine.mycompany.com/projects/myproject1 I get a 403 error.
If I try to access to http://redmine.mycompany.com/projects/notexistingproject I get a 404 error.

Would it be possible to set a common message so that the customer don't know if I host the project with a given name?

Any other input is welcome.

Martin

Replies (1)

RE: Hiding other project - Added by Jan Niggemann (redmine.org team member) over 11 years ago

That's something you'd do in apache, you need to create similar looking custom error pages for 403 and 404.
Nevertheless, security-wise that would only be cosmetic, as your webserver is required to differentiate between non-existing ressources and existing ones you don't have access to by the HTTP standard...

(1-1/1)

Project

General

Profile

Redmine