> I agree that while hiding the content (restricting access to the content) > isn't the same as hiding the page exists, there are times where the page > title (the url) can be just as interesting to someone as the content. > > Hiding the page is a way to reduce/eliminate the traffic analysis that a > potential attacker can do. We had this discussion multiple times. This is simply not what DokuWiki is intended for. The information if a page exists is "leaked" at several places in DokuWiki (link colors, status code, error messages, probably more). If firstheading is enabled, even the title of the page is given away. If you have content where the pure knowledge that it exists is an information leak already, don't put it in the wiki. It does not belong there. If the HTTP code for access denied is correct, is debatable. But we do send 200 Headers for non existing pages by default as well. So if you enable send404, it might be sensible to send a 403 for access denied cases. Andi -- splitbrain.org -- DokuWiki mailing list - more info at http://www.dokuwiki.org/mailinglist