- From: Hall, Shaun <Shaun.Hall@GBR.XEROX.COM>
- Date: Mon, 6 Aug 2001 09:46:52 +0100
- To: "'W3C WebDAV Mailing List'" <w3c-dist-auth@w3.org>
Resending as the list didn't send me (or a colleague) a copy so not sure if it got through. Apologies if you've seen this. Shaun Hall Xerox Europe > -----Original Message----- > From: Hall, Shaun > Sent: 02 August 2001 15:36 > To: 'Alan Kent'; w3c-dist-auth@w3.org > Subject: RE: OT Bypassing WebDAV LOCK mechanism (was RFC2518 issue...) > > > Again, not bashing the vendors/implementors as these are > observations and its all IMHO ... > > > -----Original Message----- > > From: Alan Kent [mailto:ajk@mds.rmit.edu.au] > > Sent: 02 August 2001 01:14 > > To: w3c-dist-auth@w3.org > > Subject: Re: rfc2518 issue: DEFER_LOCK_NULL_RESOURCES_IN_SPEC > > > > I would be interested in other implementors feeling on this one. > > Its certainly not true for our system. Its certainly not true > > for Oracle iFS. I am pretty sure its not true for Apache mod_dav > > (its not unreasonable for web site administrators to go to the file > > system directly). I suspect the same holds for IIS. > > FYI: > > Greg/Keith (or whoever wrote it) sums it up nicely. Take a > look at the "Caveats" for mod_dav at > http://www.webdav.org/mod_dav/win32/, > specifically the 3rd > bullet. Off the top of my head, I don't know if this applies > to the Unix version as well. I haven't tested either platform > in this destructive manner. Maybe Greg can shed more light on > the matter. > > As a side note, I did a quick test with IIS on Windows 2000. > Sure enough, when you LOCK an existing file (can't lock > folders) or create an LNR, the file (including LNR as they > are implemented as files) cannot be deleted say via the cmd > line ("In use by another process" kinda msg). Looks good so > far. However, using a utility (SysInternals Process Explorer > at http://www.sysinternals.com/ntw2k/freeware/procexp.shtml), > I could close the handle to the locked file (whilst it was > still locked by IIS) and then delete the file via the cmd > line. I haven't investigated how Process Viewer actually > closes the handle (maybe a call with Win32 CloseHandle()) or > what permissions are needed (I did it all with Admin rights). > > See how easy it was for me to circumvent the *entire* WebDAV > LOCK mechanism (for LNR and "normal" resources) ? > > Okay this is getting a little off topic, but you get my point. > > > > > > > I have probably said enough on this topic. > > Me too :-) > > > > > Alan > > > > Regards > > Shaun Hall > Xerox Europe >
Received on Monday, 6 August 2001 04:47:05 UTC