httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Cohen <jos...@microsoft.com>
Subject RE: Suggested patch for unkown methods in <Limit>
Date Sat, 09 Jan 1999 05:04:56 GMT

Standardized or not, you *will* see servers running with 
new methods such as DASL and more *really* soon.

folks.. its a two line patch.


> -----Original Message-----
> From: Greg Stein [mailto:gstein@lyra.org]
> Sent: Friday, January 08, 1999 7:21 PM
> To: new-httpd@apache.org
> Subject: Re: Suggested patch for unkown methods in <Limit>
> 
> 
> Josh Cohen wrote:
> > > From: Dean Gaudet [mailto:dgaudet@arctic.org]
> > > Sent: Friday, January 08, 1999 4:02 PM
> > > To: 'new-httpd@apache.org'
> > > Subject: RE: Suggested patch for unkown methods in <Limit>
> > >
> > >
> > > Oh and then do we retract it later and say "oh sorry, we
> > > didn't like that
> > > feature and needed to change the syntax... so please go 
> through your
> > > entire filesystem searching for .htaccess files with the old
> > > syntax and
> > > fix them".
> > >
> > There's no reason to do that since the changes are totally
> > compatible.
> > Even besides that, its always important to be able to identify
> > an unknown entity.
> 
> Being able to Limit on M_UNKNOWN would be good and shouldn't be a big
> patch (I believe that is what you're suggesting).
> 
> For example, you could just flat-out deny anything that isn't 
> recognized
> for a particular directory. In another directory, it is 
> allowed through
> and processed by a module's handler. This would be handy.
> 
> > > No way.
> > >
> > > We can do that across a major rev.  Not a minor rev.
> > >
> > So in the mean time, Apache remains a poor choice for a DAV server
> > since its impossible to have the most common and useful 
> security setup.
> > You can't make something publicly read only and read-write for its
> > owners...
> 
> Untrue. 1.3.4 allows Limit for the Class 1 and 2 DAV methods. 
> Therefore,
> it is perfectly suitable for deployment as a DAV server.
> 
> Your statement is only valid for future HTTP methods (not just DAV).
> Since no other DAV spec has even reached last call (unless I missed
> something), then Apache 1.3.4 covers the common case for a while.
> 
> It will be a problem later this year, though, when more of the DAV
> servers start implementing the Advanced Collections (e.g. 
> MKREF) and the
> ACL stuff. PyDAV has added MKREF already, for example. I plan to add
> this stuff to mod_dav, also.
> 
> Of course, I can supply patches to Apache itself, but that is a crufty
> solution compared to supplying prebuilt modules for dynamic 
> loading to a
> binary-distribution version of Apache.
> 
> That said: I know the Group is near the 1.3.4 release. My request for
> the Group would be to issue 1.3.4 RSN, start on 2.0, then 
> come back and
> do a 1.3.5 later (which would include LimitExcept). That 
> allows them to
> get moving on 2.0, yet solves the problem for Class 1/2 DAV 
> servers, and
> provides for upcoming DAV extensions.
> 
> Cheers,
> -g
> 
> --
> Greg Stein, http://www.lyra.org/
> 

Mime
View raw message