- From: Jim Davis <jdavis@parc.xerox.com>
- Date: Fri, 13 Feb 1998 18:58:51 PST
- To: Yaron Goland <yarong@microsoft.com>, "'Sanford L. Barr'" <sbarr@interwoven.com>
- Cc: "'w3c-dist-auth@w3.org'" <w3c-dist-auth@w3.org>
At 05:40 PM 2/13/98 PST, Yaron Goland wrote: >So e-tags completely address your concern without requiring locks. Not that >this stops someone from using locks if they so choose. Yaron is right that A can protect itself by either using locks or etags. But what about B? B played by the rules (locked the file) but since A did not, B lost the $50. Sanford is right that this could have been prevented if the server made locking mandatory. But there is no need for the SPECIFICATION of DAV to make it mandatory, so long as it does not prohibit it. I would say to Sanford (and other concerned managers). When you are shopping for a WebDAV server, tell the vendor that you want mandatory locking. Lacking that, you need to ensure that all clients use locking. You can't *enforce* this, except by inspection and configuration management, but then again neither can you ensure that all clients are free of bugs. Even if locking were mandatory, a sufficiently buggy or malicious client A could have lost the money anyway: B gets lock, adds money to BANK B releases lock A gets lock, takes all the money and transfers it to Switzerland A releases lock. I am afraid we will just have to live with the risk of buggy clients that don't use locks, just as we must tolerate the year 2000 problem and Kenneth Starr. Jim
Received on Friday, 13 February 1998 22:12:28 UTC