W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2000

RE: Loops II

From: Clemm, Geoff <gclemm@Rational.Com>
Date: Wed, 15 Mar 2000 18:01:32 -0500
Message-ID: <65B141FB11CCD211825700A0C9D609BC01D4D778@chef.lex.rational.com>
To: w3c-dist-auth@w3.org
I'm probably not as concerned by the denial of service attack as I am
that the client will be burdened with large numbers of duplicates when
they try a PROPFIND in this case.

Perhaps instead of (in addition to?) "Loop Detected", we could have a
"Duplicate Detected" status, which would provide a way
for a server to say that this resource has already appeared in the PROPFIND.

If we returned all properties with duplicates, this would still result in
much redundancy in the PROPFIND result.  I guess I'd like to modify my
earlier
response to say we *only* return the DAV:urn property in the case of
duplicates.

As a final thought, shouldn't "Duplicate Detected" be a 2xx status, since it
is
not an error, but rather just an abbreviation?

Cheers,
Geoff 

-----Original Message-----
From: Tim Ellison/OTT/OTI [mailto:Tim_Ellison@oti.com]
Sent: Wednesday, March 15, 2000 3:34 PM
To: w3c-dist-auth@w3.org
Subject: Loops II


An observation:
Although infinite loops are broken using Loop Detected rules, since all
(non-circular) paths are returned by deep operations it is trivial to
construct an n**m walks graph by having n levels with m bindings between
each.
This would be a prime candidate for denial of service type attacks against
a server.

Tim
Received on Wednesday, 15 March 2000 18:02:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:54 GMT