- From: Andrei Sambra <andrei@w3.org>
- Date: Fri, 30 Jan 2015 09:33:24 -0500
- To: public-ldp@w3.org
- Message-ID: <54CB9634.6080401@w3.org>
Hi Melvin,

First of all please bear in mind that the LDP group hasn't really tackled this topic. A note [1] was published re. UC&R for LDP and ACLs, so you may want to take a look at it. I hope it helps.

On 1/30/15 6:32 AM, Melvin Carvalho wrote:
> I'm using an LDPC as a webized version of a UNIX file system
>
> What I do is POST to an LDPC and look for the location field after
> creating a resource
>
> Then I add an ACL file to control access
>
> However I realized there is a short window where the file might not have
> the access control I want. An attacker could subscribe to the container
> for notifications then intercept the message creating a race condition

What you're saying is true, but I fear it's more of a theoretical problem rather than a practical one. Assuming the server uses HTTPS, an attacker won't be able to find out which resource you are creating so that they can set an ACL before you do, all in a time frame of about a second.

>
> In the UNIX world inodes and files are closely coupled so the operation
> is atomic, this is not true in HTTP
>
> Maybe a better idea would be to use the UNIX equivalent of a umask to
> set default permissions

Normally, I would expect that a default ACL would be set for the master (root) container, blocking write access for everyone.

>
> Any thoughts on this?

-- Andrei

[1] http://www.w3.org/TR/ldp-acr/
Received on Friday, 30 January 2015 14:33:55 UTC
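
The window between the POST and the ACL write discussed in this message, and the effect of a default ACL on the root container, can be modelled in memory. This is an added illustration, not code from the message or from any LDP server; the `Store` class, the agent names, the mode names and the "open when no ACL applies" policy are assumptions made for the sketch.

```python
from dataclasses import dataclass, field

OWNER, OTHER = "owner", "other"          # constructed agent names
FULL = {"read", "write", "control"}      # assumed access modes

@dataclass
class Store:
    # path -> {agent: set of modes}; no entry means the path has no ACL of its own
    acls: dict = field(default_factory=dict)
    open_when_unset: bool = True         # assumed policy when no ACL applies at all

    def effective_acl(self, path):
        """Return the nearest ACL, walking from the resource up to the root."""
        p = path
        while True:
            if p in self.acls:
                return self.acls[p]
            if p == "/":
                return None
            p = p.rstrip("/").rsplit("/", 1)[0] + "/"

    def allowed(self, agent, mode, path):
        acl = self.effective_acl(path)
        if acl is None:
            return self.open_when_unset
        return mode in acl.get(agent, set())

    def post(self, container, slug):
        # Stands in for POST to a container; the return value is the Location.
        return container + slug

    def put_acl(self, agent, path, acl):
        # Writing an ACL requires "control" under the ACL currently in effect.
        if not self.allowed(agent, "control", path):
            return False
        self.acls[path] = acl
        return True

def race_window(root_default):
    """Return (other_can_write, other_set_acl, owner_set_acl) for one create."""
    s = Store()
    if root_default:
        # Default ACL on the root container: only the owner has any access.
        s.acls["/"] = {OWNER: set(FULL)}
    loc = s.post("/files/", "note")
    # Window: the resource exists, but its own ACL has not been written yet.
    other_can_write = s.allowed(OTHER, "write", loc)
    other_set_acl = s.put_acl(OTHER, loc, {OTHER: set(FULL)})
    owner_set_acl = s.put_acl(OWNER, loc, {OWNER: set(FULL)})
    return other_can_write, other_set_acl, owner_set_acl

if __name__ == "__main__":
    print("no default ACL:  ", race_window(False))
    print("root default ACL:", race_window(True))
```

With the inherited default in place, the new resource is already covered by the root ACL during the window, so the order in which the two ACL writes arrive no longer matters.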