W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 1998

RE: "Lost Updates" still persist...

From: Yaron Goland <yarong@microsoft.com>
Date: Tue, 17 Feb 1998 21:01:41 -0800
Message-ID: <3FF8121C9B6DD111812100805F31FC0D0113C954@red-msg-59.dns.microsoft.com>
To: "'Larry Masinter'" <masinter@parc.xerox.com>, "'Sanford L. Barr'" <sbarr@interwoven.com>, ejw@ics.uci.edu, "'WEBDAV WG'" <w3c-dist-auth@w3.org>, jdavis@parc.xerox.com
I think an implementation note would be appropriate. I would suggest adding
a new section in the section on PUT entitled "PUTs, GETs, E-Tags and Locks".
The text would read as follows:

It is an error for a client to assume that the state of a resource will not
change between the time a GET and then a PUT are executed.  When that
assumption is made it is possible for the "lost update" problem, defined
previously, to occur.  The lock mechanism defined in this document provides
tools to control what sort of state changes are allowed to happen between
the execution of methods.  However not all servers support locks and not all
clients are capable of asking for a lock.  In the case where a client does
not have the appropriate lock available and wishes to ensure that they will
not suffer from the lost update problem then the client should use the
if-match header on their PUT request.

		Yaron

> -----Original Message-----
> From:	Larry Masinter [SMTP:masinter@parc.xerox.com]
> Sent:	Monday, February 16, 1998 11:49 PM
> To:	Yaron Goland; 'Sanford L. Barr'; ejw@ics.uci.edu; 'WEBDAV WG';
> jdavis@parc.xerox.com
> Subject:	Re: "Lost Updates" still persist...
> 
> 
> >If someone writes a buggy client that is so unbelievably stupid that it
> >assumes that resources do not change over time then might I respectfully
> >suggest that the market will very quickly make the product a failure. 
> >
> >This is not an issue of a protocol requirement, this is an issue of
> common
> >sense. 
> >
> >Alas, one can not require common sense.
> 
> 
> It is common to require that services protect themselves against clients
> that misbehave.
> Even though misbehavior might be against "common sense" from some
> perspectives,
> there are so many applications for an un-guarded PUT that it's not against
> "common sense"
> to believe that a client might be capable of doing a PUT without a lock,
> and that some
> user might misapply this operation to a server that otherwise had a
> perfectly good
> locking mechanism.
> 
> And it is also the case that products that don't guard against such
> misbehavior
> might STILL be a success in the marketplace.
> 
> All in all, I think there's a place for some discussion of the issues in
> the Webdav spec,
> even if it is an implementation note. Implementation notes have the
> advantage of not
> forming requirements for 'common sense', but at least in making it more
> common.
> 
> Regards,
> 
> Larry
> 
Received on Wednesday, 18 February 1998 00:02:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:44 GMT