W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 1998

RE: "Lost Updates" still persist

From: Jim Davis <jdavis@parc.xerox.com>
Date: Fri, 13 Feb 1998 18:58:51 PST
Message-Id: <>
To: Yaron Goland <yarong@microsoft.com>, "'Sanford L. Barr'" <sbarr@interwoven.com>
Cc: "'w3c-dist-auth@w3.org'" <w3c-dist-auth@w3.org>
At 05:40 PM 2/13/98 PST, Yaron Goland wrote:
>So e-tags completely address your concern without requiring locks. Not that
>this stops someone from using locks if they so choose.

Yaron is right that A can protect itself by either using locks or etags.

But what about B?  B played by the rules (locked the file) but since A did
not, B lost the $50.

Sanford is right that this could have been prevented if the server made
locking mandatory.  But there is no need for the SPECIFICATION of DAV to
make it mandatory, so long as it does not prohibit it.

I would say to Sanford (and other concerned managers). When you are
shopping for a WebDAV server, tell the vendor that you want mandatory locking.

Lacking that, you need to ensure that all clients use locking.  You can't
*enforce* this, except by inspection and configuration management, but then
again neither can you ensure that all clients are free of bugs.  Even if
locking were mandatory, a sufficiently buggy or malicious client A could
have lost the money anyway:

B gets lock, adds money to BANK
B releases lock
A gets lock, takes all the money and transfers it to Switzerland
A releases lock.

I am afraid we will just have to live with the risk of buggy clients that
don't  use locks, just as we must tolerate the year 2000 problem and
Kenneth Starr.

Received on Friday, 13 February 1998 22:12:28 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:13 UTC