DO NOT REPLY [Bug 27100] - WebDAV locking implementation incompatible with some clients.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://issues.apache.org/bugzilla/show_bug.cgi?id=27100. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=27100 WebDAV locking implementation incompatible with some clients. [EMAIL PROTECTED] changed: What|Removed |Added CC||[EMAIL PROTECTED] --- Additional Comments From [EMAIL PROTECTED] 2004-06-18 23:54 --- *** Bug 10539 has been marked as a duplicate of this bug. *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 27100] - WebDAV locking implementation incompatible with some clients.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27100. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27100 WebDAV locking implementation incompatible with some clients. [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||FIXED --- Additional Comments From [EMAIL PROTECTED] 2004-02-22 22:36 --- Having had a good look through the spec I don't think that it does allow the lock token to be obsfucated. I am basing this opinion on the following quotes: - 6.3 quoteAnyone can find out anyone else's lock token by performing lock discovery./quote - 17.3 Security through Obscurity quote WebDAV provides, through the PROPFIND method, a mechanism for listing the member resources of a collection. This greatly diminishes the effectiveness of security or privacy techniques that rely only on the difficulty of discovering the names of network resources. Users of WebDAV servers are encouraged to use access control techniques to prevent unwanted access to resources, rather than depending on the relative obscurity of their resource names. /quote I have just committed a patch to CVS that removes the lock obsfucation functionality. This will be included in the next release. It has also been ported to TC4. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 27100] - WebDAV locking implementation incompatible with some clients.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27100. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27100 WebDAV locking implementation incompatible with some clients. --- Additional Comments From [EMAIL PROTECTED] 2004-02-20 10:23 --- I think the problem is that the servlet obsfucates lock tokens, which it has every right to do (this is from memory). Anyway, the servlet supports WebDAV level 1, which doesn't include locking (which is very complex to implement completely, so is only partially implemented). I'll let Mark resolve this report. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DO NOT REPLY [Bug 27100] - WebDAV locking implementation incompatible with some clients.
[EMAIL PROTECTED] wrote: I think the problem is that the servlet obsfucates lock tokens, which it has every right to do (this is from memory). That's incorrect. It has the right to *hide* lock tokens, but not to return incorrect ones. Anyway, the servlet supports WebDAV level 1, which doesn't include locking (which is very complex to implement completely, so is only partially implemented). I'll let Mark resolve this report. Can anybody explain why the servlet actually *intends* to hide the lock token? Each and every WebDAV server I've seen (and I've seen a lot) reveals them upon PROPFFIND/lockdiscovery. Regards, Julian -- green/bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DO NOT REPLY [Bug 27100] - WebDAV locking implementation incompatible with some clients.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27100. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27100 WebDAV locking implementation incompatible with some clients. --- Additional Comments From [EMAIL PROTECTED] 2004-02-20 15:23 --- A couple of suggestions based on the recent comment. - If only Level 1 is supported, and locking is not supported fully, then perhaps a configuration option would be warranted that: - Keeps the servlet from reporting that it supports: level 2 and lock methods. - Makes lock operations a no-op for clients that still try to lock no matter what. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
