- From: Eric Sedlar <eric.sedlar@oracle.com>
- Date: Wed, 17 Sep 2003 11:16:33 -0700
- To: "'Horst Liermann'" <horst.liermann@ixos.de>, <w3c-dist-auth@w3.org>
The ACL spec hasn't defined a privilege specifically to control read access to the lockdiscovery property, or even a privilege to control access to all the privileges in total. An individual server implementation could provide such a privilege and aggregate it under <dav:read>, but this isn't required. --Eric > -----Original Message----- > From: w3c-dist-auth-request@w3.org [mailto:w3c-dist-auth-request@w3.org] > On Behalf Of Horst Liermann > Sent: Wednesday, September 17, 2003 10:08 AM > To: 'w3c-dist-auth@w3.org' > > > Hi all, > > some questions about lockdiscovery and ACL's > > Suppose, you have a server with WebDAV ( including lock) and it support's > ACL. What is the behavior for lockdiscovery, can I see all lock token or > am > I only allowed to see the tokens where I am the owner of the lock ? As far > as I understand, lockdiscovery reports all locks. Is this a security leak > ? > > Best Regards > Horst
Received on Wednesday, 17 September 2003 14:17:04 UTC