Re: [RFC2518 Issue] PROPFIND 'allprop' usage

On Thu, Nov 23, 2000 at 09:22:04AM -0000, Hall, Shaun wrote:
>...
> > IMHO, attempting to synchronize thousands of files with a 
> > single call to
> > the server is not a fantastic idea.
> 
> We agree, but unfortunately its in the WebDAV spec and products are based on
> it. We think breaking those products would set WebDAV back a bit. Customers
> who have paid for products ( sorry Greg :-) ) would not be pleased to find
> their product incompatible with the lastest WebDAV server.

I'm not against paid-for-products. I simply enjoy Open Source development,
and have the lucky luxury to be able to work on it full time. Heck. I'd say
that *very* few people would be using my code if it weren't for paid-for
products.

>...
> Unfortunately its a huge performance disaster on the server as well. What is
> the point of this behaviour if the server cannot cope under the load? Server
> implementors might choose one of the following:
> - server will attempt to perform the request (it may run out of resources
> and send an error to the client).
> - server will refuse such a request (which deviates from the RFC, but so be
> it).

I return a 403 (Forbidden) if a Depth:infinity PROPFIND hits mod_dav and it
has not been configured to allow them. Nothing in the RFC about "you MUST
NOT return a 403 for a PROPFIND". So I'd dispute your second statement :-)

[ and I always have the out: if an admin feels it *does* deviate from the
  spec, then they can simply enable the thing in their config. they're the
  ones to live with a DoS attack, not me :-) ]

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Received on Thursday, 23 November 2000 05:04:58 UTC