W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2007

Re: PROPFIND Depth:1 and ACLs

From: Cyrus Daboo <cyrus@daboo.name>
Date: Wed, 11 Apr 2007 21:20:33 -0400
To: Julian Reschke <julian.reschke@gmx.de>
cc: WebDav <w3c-dist-auth@w3.org>
Message-ID: <A737F3B1DE2897B24E8519A4@ninevah.local>

Hi Julian,

--On April 11, 2007 11:51:00 PM +0200 Julian Reschke 
<julian.reschke@gmx.de> wrote:

>> Any suggestions on how best to deal with this?
>
> I think the 403 approach makes sense, except if you treat the existence
> of that resource to be secret as well.

Of course it is not just the existence of the resource that is being given 
away, but also the "name" of the resource. Since most people name documents 
with something that is vaguely descriptive of the content, then exposing 
that name, even via a 403, maybe too much.

-- 
Cyrus Daboo
Received on Thursday, 12 April 2007 01:20:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:15 GMT