- From: Lisa Dusseault <lisa@osafoundation.org>
- Date: Fri, 2 Dec 2005 11:33:41 -0800
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: w3c-dist-auth@w3.org
How about adding to the DOS section?
WebDAV servers need to be aware of the possibility of a denial of
service attack at all levels. The proper response to such an attack
MAY be to simply
drop the connection, or if the server is able to make a response,
the server MAY use a 400-level status request such as 400 (Bad
Request) and indicate why the request was refused (a 500-level
status response would indicate that the problem is with the
server,
whereas unintentional DOS attacks are something the client is
capable of remedying).
On Dec 1, 2005, at 11:26 AM, Julian Reschke wrote:
> Lisa Dusseault wrote:
>> Sorry about that -- I'll blame both a brain fart and I lost access to
>> bugzilla immediately after I entered this so I couldn't change it. I
>> do see how a 4xx error is better because the same request won't
>> succeed later. Which 4xx response though?
>> Lisa
>
> I think 400 is just fine.
>
> See
> <http://greenbytes.de/tech/webdav/draft-reschke-webdav-rfc2518bis-
> latest.html#rfc.change.bz011.1>.
>
> Best regards, Julian
Received on Friday, 2 December 2005 19:33:55 UTC