Re: [OpenSPP-project] What is the correct behavior of DelDestGrpRqst when the targeted group does n
From: Cartwright, K. <kca...@tn...> - 2011-08-24 13:33:36
The behavior you are describing is correct per the current wording in the spec. But I do not see it as a noteworthy item, so I could actually go either way on it. Both approaches have advantages and neither of the two approaches necessitates a change to the XSD or the WSDL or the response codes.

Ken

________________________________________
From: Dean Willis [dea...@so...]
Sent: Tuesday, August 23, 2011 7:45 PM
To: ope...@li...
Subject: [OpenSPP-project] What is the correct behavior of DelDestGrpRqst when the targeted group does not exist or has been previously deleted?

Right now, I can run repeated delete group requests, specifying the same group, and always get the same code 1000 Overall Success response. This doesn't seem right. What should it do?

But it raises a question about a threat model. Suppose I attempt to delete a DestGrp that I should not be authorized to delete, or even see. If the response returns as "unauthorized", as opposed to "not found", do I now know about the existence of a DestGrp that I was only guessing existed? Is this a problem?

Always returning a "happy" response precludes the information leak, but it could cause other problems.

--
Dean
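
The trade-off raised in this thread, as an added example that is not part of the original messages or of the OpenSPP code: a toy registry with three delete policies and a check for whether a non-owner can tell a foreign group from a missing one. Only code 1000 comes from the thread; the `Registry` class, the `NOT_FOUND` and `UNAUTHORIZED` placeholders and the third "scoped" policy are assumptions that go beyond the two options discussed.

```python
from dataclasses import dataclass, field

SUCCESS = 1000                 # "Overall Success", the only code quoted in the thread
NOT_FOUND = "NOT_FOUND"        # placeholder label, not an SPP response code
UNAUTHORIZED = "UNAUTHORIZED"  # placeholder label, not an SPP response code

@dataclass
class Registry:
    groups: dict = field(default_factory=dict)  # group name -> owner (constructed data)

    def delete_distinct(self, caller, name):
        """Precise answers: helpful to the owner, but reveals that a group exists."""
        owner = self.groups.get(name)
        if owner is None:
            return NOT_FOUND
        if owner != caller:
            return UNAUTHORIZED
        del self.groups[name]
        return SUCCESS

    def delete_uniform(self, caller, name):
        """Always 1000: the behaviour reported in the thread (idempotent delete)."""
        if self.groups.get(name) == caller:
            del self.groups[name]
        return SUCCESS

    def delete_scoped(self, caller, name):
        """Assumed middle ground: groups the caller does not own look absent."""
        if self.groups.get(name) != caller:
            return NOT_FOUND
        del self.groups[name]
        return SUCCESS

def leaks_existence(policy):
    """True if a non-owner gets different answers for a foreign and a missing group."""
    handler = getattr(Registry({"grpA": "alice"}), policy)
    return handler("bob", "grpA") != handler("bob", "no-such-group")

def owner_repeat(policy):
    """What the owner sees when deleting the same group twice."""
    handler = getattr(Registry({"grpA": "alice"}), policy)
    return handler("alice", "grpA"), handler("alice", "grpA")

def foreign_delete_blocked(policy):
    """True if a non-owner's request leaves the owner's group in place."""
    reg = Registry({"grpA": "alice"})
    getattr(reg, policy)("bob", "grpA")
    return "grpA" in reg.groups
```

With the uniform policy the owner cannot distinguish a completed delete from a mistyped group name, which is one form the "other problems" can take; the scoped policy keeps that feedback for the owner while giving a non-owner the same answer either way.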