You happen to be on issue re: info leakage and This could be a crucial consideration for anyone rolling their unique authentication/authorization scheme. +1 for mentioning OWASP. I think 403 is greatest fitted to content material that is rarely served. In asp.Web This could necessarily mean World-wide-web.config data files *.resx http://pigpgs.com
