I have a folder in a Sharepoint Foundation 2010 document library with unique permissions so only a specific group of users can access. The folder is created only in some cases and it's important that other users can't know when the folder exists or not. But if a user with no access permissions types the direct url doesn't get an error, but a page showing an empty folder. It's good that he can't see the content, but it's not good that he can know that the folder is there. Is it a Sharepoint security bug?
[EDIT] I made a test on Sharepoint 2007. Users with no access on a folder get a Access Denied Error if they type the direct url. I think the behavior on Sharepoint 2010 is a real bug.
