- From: ashok malhotra <ashok.malhotra@oracle.com>
- Date: Fri, 30 Jan 2015 09:40:23 -0500
- To: public-ldp@w3.org
Melvin: Good point. Hopefully the WG will start working on Access Control soon. When we do, we should consider a default access control setting on create. All the best, Ashok On 1/30/2015 6:32 AM, Melvin Carvalho wrote: > I'm using an LDPC as a webized version of a UNIX file system > > What I do is POST to an LDPC and look for the location field after creating a resource > > Then I add an ACL file to control access > > However I realized there is a short window where the file might not have the access control I want. An attacker could subscribe to the container for notifications then intercept the message creating a race condition > > In the UNIX world inodes and files are closely coupled so the operation is atomic, this is not true in HTTP > > Maybe a better idea would be to use the UNIX equivalent of a umask to set default permissions > > Any thoughts on this?
Received on Friday, 30 January 2015 14:41:01 UTC