Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
1
Description
Public websites like GitHub turn auth failures into 404 to prevent discovery of secure repos.
However, CB Server is still returning AuthenticationFailure at the protocol level and it's available in the logs to the SDK user, so obfuscating the auth failure isn't giving us any security benefit.
Raising AuthenticationFailureException instead of BucketNotFoundException would be a breaking change (maybe 3.2?), but we can at least include AuthenticationFailureException as an inner exception.