W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2000

Re: [RFC2518 Issue] PROPFIND 'allprop' usage

From: Greg Stein <gstein@lyra.org>
Date: Thu, 23 Nov 2000 02:00:57 -0800
To: "Hall, Shaun" <Shaun.Hall@gbr.xerox.com>
Cc: w3c-dist-auth@w3.org
Message-ID: <20001123020057.Y21426@lyra.org>
On Thu, Nov 23, 2000 at 09:22:04AM -0000, Hall, Shaun wrote:
> > IMHO, attempting to synchronize thousands of files with a 
> > single call to
> > the server is not a fantastic idea.
> We agree, but unfortunately its in the WebDAV spec and products are based on
> it. We think breaking those products would set WebDAV back a bit. Customers
> who have paid for products ( sorry Greg :-) ) would not be pleased to find
> their product incompatible with the lastest WebDAV server.

I'm not against paid-for-products. I simply enjoy Open Source development,
and have the lucky luxury to be able to work on it full time. Heck. I'd say
that *very* few people would be using my code if it weren't for paid-for

> Unfortunately its a huge performance disaster on the server as well. What is
> the point of this behaviour if the server cannot cope under the load? Server
> implementors might choose one of the following:
> - server will attempt to perform the request (it may run out of resources
> and send an error to the client).
> - server will refuse such a request (which deviates from the RFC, but so be
> it).

I return a 403 (Forbidden) if a Depth:infinity PROPFIND hits mod_dav and it
has not been configured to allow them. Nothing in the RFC about "you MUST
NOT return a 403 for a PROPFIND". So I'd dispute your second statement :-)

[ and I always have the out: if an admin feels it *does* deviate from the
  spec, then they can simply enable the thing in their config. they're the
  ones to live with a DoS attack, not me :-) ]


Greg Stein, http://www.lyra.org/
Received on Thursday, 23 November 2000 05:04:58 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:22 UTC