
Re: [Bug 11] Protection against XML Denial Of Service attacks

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Sat, 3 Dec 2005 21:48:32 -0800
Message-Id: <1ffdf7d0b0fb7ba78d7b727f4302c222@osafoundation.org>
Cc: w3c-dist-auth@w3.org
To: Julian Reschke <julian.reschke@gmx.de>

Perhaps there's a better phrase for that -- I meant a client request
that the server decided to consider a DOS attack but the client didn't.
E.g. a PROPFIND depth infinity on root.

Lisa

On Dec 3, 2005, at 1:18 PM, Julian Reschke wrote:

>
> Lisa Dusseault wrote:
>> How about adding to the DOS section?
>>    WebDAV servers need to be aware of the possibility of a denial of
>>    service attack at all levels. The proper response to such an
>>    attack MAY be to simply drop the connection, or if the server is
>>    able to make a response, the server MAY use a 400-level status
>>    request such as 400 (Bad Request) and indicate why the request was
>>    refused (a 500-level status response would indicate that the
>>    problem is with the server, whereas unintentional DOS attacks are
>>    something the client is capable of remedying).
>
>
> Hm. What is an "unintentional DOS attack"?
>
>
Received on Sunday, 4 December 2005 05:49:10 GMT
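
The behaviour proposed in the thread above, as an added example that is not part of the original messages or of any WebDAV server: a WSGI guard that refuses a PROPFIND with Depth: infinity (or an oversized request body) with a 4xx status and a stated reason rather than a 5xx. The names classify, guard and MAX_BODY, and the 64 KiB limit, are assumptions made for illustration.

```python
# Added example: refuse costly PROPFIND requests with a 4xx plus a reason,
# so a well-meaning client learns what to change and can retry.
MAX_BODY = 64 * 1024  # assumed cap on the XML request body, in bytes


def classify(method, depth_header, content_length):
    """Return (status, reason) if the request is refused, else None."""
    if method != "PROPFIND":
        return None
    # A PROPFIND with no Depth header is treated as Depth: infinity,
    # so a missing header is handled exactly like an explicit one.
    depth = (depth_header or "infinity").strip().lower()
    if depth not in ("0", "1", "infinity"):
        return ("400 Bad Request", "Depth must be 0, 1 or infinity")
    if depth == "infinity":
        return ("400 Bad Request",
                "PROPFIND with Depth: infinity is refused; retry with Depth: 1")
    try:
        length = int(content_length or 0)
    except ValueError:
        return ("400 Bad Request", "Content-Length is not a number")
    if length < 0:
        return ("400 Bad Request", "Content-Length is negative")
    if length > MAX_BODY:
        return ("413 Request Entity Too Large",
                "PROPFIND body exceeds %d bytes" % MAX_BODY)
    return None


def guard(app):
    """Wrap a WSGI app; refused requests never reach the wrapped app."""
    def wrapped(environ, start_response):
        refusal = classify(environ.get("REQUEST_METHOD", ""),
                           environ.get("HTTP_DEPTH"),
                           environ.get("CONTENT_LENGTH"))
        if refusal is None:
            return app(environ, start_response)
        status, reason = refusal
        body = (reason + "\n").encode("utf-8")
        start_response(status, [
            ("Content-Type", "text/plain; charset=utf-8"),
            ("Content-Length", str(len(body))),
        ])
        return [body]
    return wrapped
```

A request sent with chunked transfer encoding carries no Content-Length, so the size check here does not cover it; that case needs a limit applied while the body is read.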
