Mount considerations

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Wed, 17 May 2006 18:12:16 -0700
Message-Id: <AA6B4A88-62CE-488D-BE71-2546032FF182@osafoundation.org>
To: WebDav WG <w3c-dist-auth@w3.org>, Julian Reschke <julian.reschke@gmx.de>


Thinking about the DAV mount proposal (after posting on the CalDAV
list), I started wondering if there's any real security consideration
if the mount document is on a totally different server than the
WebDAV collection.

  - Denial of service?  No different than any cross-site link to a
    WebDAV collection
  - Privacy? Possibly leaks username which is ordinarily not
    revealed.  Difficult to keep permissions synched with collection
    permissions.
  - Other?  (anyone?  what am I missing?)

I guess the only one of those that bears mentioning in the document  
is that servers would reveal information unnecessarily, and possibly  
irresponsibly, unless they were to apply the same ACL to the  
collection and to the mount document.

Lisa
Received on Thursday, 18 May 2006 01:12:25 GMT