- From: Babich, Alan <ABabich@filenet.com>
- Date: Thu, 6 Jul 2000 20:21:01 -0700
- To: "'Clemm, Geoff'" <gclemm@rational.com>, WebDAV WG <w3c-dist-auth@w3.org>
I, too agree with the "the client proposes, the server disposes" theory. One advantage is that's a general way for the server to defend against naive and malicious clients from accidental or deliberate denial of service attacks. To extend my UNIX find analogy, if all the programmers at my company did UNIX find commands on the root directory, that would load the servers pretty good. You can generally trust your fellow programmers not to continually do stupid things, so that would be a temporary problem. But in the world of the internet, you have much less sophisticated people that could unwittingly do expensive things repeatedly, plus you have a few malicious hackers that might repeatedly do expensive things deliberately. This supports the "server disposes" theory. But, as to the idea of letting the client propose 20 or 100 as the limit (in addition to 0, 1, and infinity), the increased complexity might not be worth the decreased simplicity. I like the KISS principle. The UNIX find command doesn't have a way to specify a limit on the depth. It only has depth infinity. The UNIX find command has withstood the test of time, and I know of no UNIX implementations that have extended it to specify a limit of N. Since the UNIX find command is doing something somewhat similar, that tends to support my gut feeling that we need not bother to allow specification of depth N. So, what I propose is the following: Why don't we wait for feedback from real users to see if we really need depth N? Cut features until it's not useful for the first release, then add only features demanded by the customers in later releases. Alan Babich -----Original Message----- From: Clemm, Geoff [mailto:gclemm@rational.com] Sent: Thursday, July 06, 2000 2:20 PM To: 'Jim Davis'; WebDAV WG Subject: RE: [hwarncke@Adobe.COM: Re: [dav-dev] Depth Infinity Requests] I agree with the "client proposes, server disposes" guideline, but currently we are (in my view, inappropriately) limiting what the client can propose. In particular, we are not allowing the client to propose an upper limit such as "20" or "100", even when the client knows that to be the appropriate upper limit for its PROPFIND request. Cheers, Geoff -----Original Message----- From: Jim Davis [mailto:jrd3@alum.mit.edu] Sent: Thursday, July 06, 2000 5:14 PM To: WebDAV WG Subject: RE: [hwarncke@Adobe.COM: Re: [dav-dev] Depth Infinity Requests] At 05:58 PM 7/6/00 +0100, Gary Barnett wrote: >I think that creating a specification that builds in non-deterministic >behaviour would be a real pain. > >I think that the idea of passing a depth value (with perhaps a default value >which all servers support) makes sense from a client perspective. What we gain from the indeterminacy is flexibility. Otherwise, we either set the minimum standard high (and rule out cheap implementations) or set it low (thus requiring all clients to use inefficient methods, and making powerful implementations either useless or non-standard.) Yaron put it like this "The client proposes, the server disposes". Clients should ask for what they want, and be prepared to get less than that.
Received on Thursday, 6 July 2000 23:21:40 UTC