- From: Stefan Eissing <stefan.eissing@greenbytes.de>
- Date: Fri, 12 Jan 2007 09:25:42 +0100
- To: Tim Olsen <tolsen718@gmail.com>
- Cc: "Julian Reschke" <julian.reschke@gmx.de>, w3c-dist-auth@w3.org
On 12.01.2007 at 01:15, Tim Olsen wrote:

> On 1/11/07, Julian Reschke <julian.reschke@gmx.de> wrote:
>> Tim Olsen wrote:
>> >
>> > Hi,
>> >
>> > Let's say a user has an infinite-depth lock on collection C. There is
>> > a resource R under a different collection for which the user does not
>> > have DAV:write-content permission (which is normally needed to
>> > perform LOCK on). Can the user BIND the resource R under C (thereby
>> > having R inherit the lock) with only DAV:bind permission on C? Or is
>> > DAV:write-content permission also required on R?
>>
>> I'm tempted to say "edge case", thus it depends.
>>
>> A server could allow the BIND, but that wouldn't affect the permissions,
>> thus the resource wouldn't suddenly become writable by somebody else.
>>
>> Or it could reject the request.
>>
>> The important thing here is that the BIND request can't be used to work
>> around the security model, which seems to be the case in both cases.
>
> But if the server allows the BIND then the user can exclusively lock
> any resource just by binding it under a locked collection that he or
> she owns. Maybe it's best then to require DAV:write-content as well.

First, depth locks for BIND operations are crazy.

Second, depth locks are an overblown idea anyway, in the personal opinion of yours truly.

Third, what you describe seems to be a DoS by a (on almost all servers) authorized user. I don't think this is a reason to make the bind spec more complex.

Cheers,

Stefan
Received on Friday, 12 January 2007 08:25:55 UTC
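The two server behaviours discussed in the thread, as an added toy model that is not part of the original message and not code from any WebDAV server: an exclusive Depth: infinity lock on collection C, a resource R bound under a different collection D, and a BIND of R into C. The model shows Julian's point (allowing the BIND never grants the lock owner DAV:write-content on R, because the ACL check runs before the lock check) and Tim's concern (with the BIND allowed, the inherited lock blocks R's legitimate writer), alongside the stricter rule Tim proposes (require DAV:write-content on R before the BIND). Principals alice and bob, the paths /C, /D and /D/R, and the privilege sets are constructed for the example.

```python
"""Toy model of BIND into a depth-locked collection (constructed example)."""

WRITE_CONTENT = "DAV:write-content"
BIND = "DAV:bind"


class ForbiddenError(Exception):
    """403 Forbidden: the principal lacks the required privilege."""


class LockedError(Exception):
    """423 Locked: the request is blocked by a lock held by someone else."""


class Server:
    def __init__(self, require_write_on_bind_target):
        # Policy switch: the stricter rule from the thread, require
        # DAV:write-content on the target before it may be bound into C.
        self.require_write_on_bind_target = require_write_on_bind_target
        self.acl = {}      # path -> {principal: set of privileges}
        self.locks = {}    # path -> owner of an exclusive Depth: infinity lock
        self.parents = {}  # path -> set of collections the path is bound into

    def add_resource(self, path, acl, parent=None):
        self.acl[path] = {p: set(v) for p, v in acl.items()}
        self.parents[path] = {parent} if parent else set()

    def has_privilege(self, principal, path, privilege):
        return privilege in self.acl.get(path, {}).get(principal, set())

    def lock(self, principal, path):
        # LOCK normally requires DAV:write-content on the locked resource.
        if not self.has_privilege(principal, path, WRITE_CONTENT):
            raise ForbiddenError(f"{principal} may not LOCK {path}")
        self.locks[path] = principal

    def effective_lock_owners(self, path):
        """Owners of infinity locks on path or on any collection it is bound under."""
        owners, seen, stack = set(), set(), [path]
        while stack:
            p = stack.pop()
            if p in seen:
                continue
            seen.add(p)
            if p in self.locks:
                owners.add(self.locks[p])
            stack.extend(self.parents.get(p, ()))
        return owners

    def bind(self, principal, collection, target):
        """BIND target into collection; the new binding inherits collection's locks."""
        if not self.has_privilege(principal, collection, BIND):
            raise ForbiddenError(f"{principal} lacks {BIND} on {collection}")
        if self.require_write_on_bind_target and not self.has_privilege(
            principal, target, WRITE_CONTENT
        ):
            raise ForbiddenError(f"{principal} lacks {WRITE_CONTENT} on {target}")
        self.parents[target].add(collection)

    def put(self, principal, path):
        """PUT: ACL check first, then lock check. Returns True on success."""
        if not self.has_privilege(principal, path, WRITE_CONTENT):
            raise ForbiddenError(f"{principal} lacks {WRITE_CONTENT} on {path}")
        owners = self.effective_lock_owners(path)
        if owners and principal not in owners:
            raise LockedError(f"{path} is locked by {sorted(owners)}")
        return True


def scenario(require_write_on_bind_target):
    """Run the thread's scenario under one policy and report what happened."""
    s = Server(require_write_on_bind_target)
    s.add_resource("/C", {"alice": {BIND, WRITE_CONTENT}})       # alice's collection
    s.add_resource("/D", {"bob": {BIND, WRITE_CONTENT}})         # bob's collection
    s.add_resource("/D/R", {"bob": {WRITE_CONTENT}}, parent="/D")  # alice has no write on R
    s.lock("alice", "/C")  # exclusive Depth: infinity lock on C

    result = {}
    try:
        s.bind("alice", "/C", "/D/R")
        result["bind"] = "allowed"
    except ForbiddenError:
        result["bind"] = "forbidden"
    try:  # the lock never makes R writable for alice
        s.put("alice", "/D/R")
        result["alice_put"] = "ok"
    except ForbiddenError:
        result["alice_put"] = "403"
    try:  # but an inherited lock can block R's legitimate writer
        s.put("bob", "/D/R")
        result["bob_put"] = "ok"
    except LockedError:
        result["bob_put"] = "423"
    return result


if __name__ == "__main__":
    print("lenient server:", scenario(False))
    print("strict server: ", scenario(True))
```

With the lenient policy the BIND succeeds, alice still gets 403 on PUT to R, and bob, who owns the only write privilege on R, now gets 423 Locked: the denial-of-service Tim describes. With the stricter policy the BIND itself is refused with 403 and bob's PUT keeps working. Either way the lock is no substitute for DAV:write-content, which is the invariant Julian names.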