Hi, I have done a little googleing around the practice of returning 404 rather than 403 for unauthorised access.
Most people seem to think it is bad practice. I imagine the motivation is to prevent automatic url guessing. It would be preferable, for me, if a redirect (307 Temporary Redirect) to the Jenkins top level url was issued, instead of both genuinely non-existant and unauthorised urls, as I find myself url editting quite a lot at the moment. cheers Tim PS Should this have been created in http://issues.jenkins-ci.org ? -- Tim Pizey - http://pizey.net/~timp
