RE: Loops II

I'm probably not as concerned by the denial of service attack as I am
that the client will be burdened with large numbers of duplicates when
they try a PROPFIND in this case.

Perhaps instead of (in addition to?) "Loop Detected", we could have a
"Duplicate Detected" status, which would provide a way
for a server to say that this resource has already appeared in the PROPFIND.

If we returned all properties with duplicates, this would still result in
much redundancy in the PROPFIND result.  I guess I'd like to modify my
earlier
response to say we *only* return the DAV:urn property in the case of
duplicates.

As a final thought, shouldn't "Duplicate Detected" be a 2xx status, since it
is
not an error, but rather just an abbreviation?

Cheers,
Geoff 

-----Original Message-----
From: Tim Ellison/OTT/OTI [mailto:Tim_Ellison@oti.com]
Sent: Wednesday, March 15, 2000 3:34 PM
To: w3c-dist-auth@w3.org
Subject: Loops II


An observation:
Although infinite loops are broken using Loop Detected rules, since all
(non-circular) paths are returned by deep operations it is trivial to
construct an n**m walks graph by having n levels with m bindings between
each.
This would be a prime candidate for denial of service type attacks against
a server.

Tim

Received on Wednesday, 15 March 2000 18:02:16 UTC