- From: Greg Stein <gstein@lyra.org>
- Date: Thu, 23 Nov 2000 02:00:57 -0800
- To: "Hall, Shaun" <Shaun.Hall@gbr.xerox.com>
- Cc: w3c-dist-auth@w3.org
On Thu, Nov 23, 2000 at 09:22:04AM -0000, Hall, Shaun wrote: >... > > IMHO, attempting to synchronize thousands of files with a > > single call to > > the server is not a fantastic idea. > > We agree, but unfortunately its in the WebDAV spec and products are based on > it. We think breaking those products would set WebDAV back a bit. Customers > who have paid for products ( sorry Greg :-) ) would not be pleased to find > their product incompatible with the lastest WebDAV server. I'm not against paid-for-products. I simply enjoy Open Source development, and have the lucky luxury to be able to work on it full time. Heck. I'd say that *very* few people would be using my code if it weren't for paid-for products. >... > Unfortunately its a huge performance disaster on the server as well. What is > the point of this behaviour if the server cannot cope under the load? Server > implementors might choose one of the following: > - server will attempt to perform the request (it may run out of resources > and send an error to the client). > - server will refuse such a request (which deviates from the RFC, but so be > it). I return a 403 (Forbidden) if a Depth:infinity PROPFIND hits mod_dav and it has not been configured to allow them. Nothing in the RFC about "you MUST NOT return a 403 for a PROPFIND". So I'd dispute your second statement :-) [ and I always have the out: if an admin feels it *does* deviate from the spec, then they can simply enable the thing in their config. they're the ones to live with a DoS attack, not me :-) ] Cheers, -g -- Greg Stein, http://www.lyra.org/
Received on Thursday, 23 November 2000 05:04:58 UTC