
Mount considerations

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Wed, 17 May 2006 18:12:16 -0700
Message-Id: <AA6B4A88-62CE-488D-BE71-2546032FF182@osafoundation.org>
To: WebDav WG <w3c-dist-auth@w3.org>, Julian Reschke <julian.reschke@gmx.de>

Thinking about the DAV mount proposal (after posting on the CalDAV  
list), I started wondering if there's any real security consideration  
if the mount document is on a totally different server than the  
WebDAV collection.
  - Denial of service? No different than any cross-site link to a
    WebDAV collection
  - Privacy? Possibly leaks username which is ordinarily not
    revealed. Difficult to keep permissions synched with collection
  - Other? (anyone? what am I missing?)

I guess the only one of those that bears mentioning in the document  
is that servers would reveal information unnecessarily, and possibly  
irresponsibly, unless they were to apply the same ACL to the  
collection and to the mount document.

Received on Thursday, 18 May 2006 01:12:25 UTC
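
Added example, not part of the original message: a Python check an operator could run over a mount document to flag the conditions raised above, namely a mount document served from a different origin than the collection it points to and a disclosed username. The namespace and element names are those of the DAV mount format as published in RFC 4709; the URLs, sample document and finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DM = "{http://purl.org/NET/webdav/mount}"  # DAV mount namespace (RFC 4709)
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample mount document (not taken from the mailing list post).
SAMPLE = b"""<dm:mount xmlns:dm="http://purl.org/NET/webdav/mount">
  <dm:url>https://dav.example.org/calendars/alice/</dm:url>
  <dm:username>alice</dm:username>
</dm:mount>"""


def origin(url):
    """Return (scheme, host, port) so two URLs can be compared by origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def audit_mount(doc_url, xml_bytes):
    """Return finding labels for a mount document served at doc_url."""
    root = ET.fromstring(xml_bytes)
    if root.tag != DM + "mount":
        raise ValueError("not a DAV mount document")
    target = (root.findtext(DM + "url") or "").strip()
    username = (root.findtext(DM + "username") or "").strip()

    findings = []
    cross_origin = bool(target) and origin(target) != origin(doc_url)
    if not target:
        findings.append("missing-url")
    if cross_origin:
        # The collection's server cannot enforce its ACL on this document.
        findings.append("cross-origin")
    if username:
        # Anyone who can read the mount document learns the username.
        findings.append("username-disclosed")
    if cross_origin and username:
        # Permissions live on two servers and must be kept in step by hand.
        findings.append("review-acl-sync")
    return findings


if __name__ == "__main__":
    print(audit_mount("https://www.example.com/mounts/alice.davmount", SAMPLE))
```

A same-origin result of only `username-disclosed` still calls for checking that the mount document carries the same ACL as the collection, since the script cannot see server-side permissions.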
