[cosmo-dev] options to fix security hole
Jeffrey Harris
jeffrey at osafoundation.org
Tue Feb 19 11:00:31 PST 2008
Hi Randy,

> I'm having doubts about making the server + security fixes fully
> backwards compatible with existing clients. I'm mainly talking about
> silently failing when updating read-only items. I don't like the idea
> that the client thinks something succeeded, when it really didn't.

To be clear, I'd been hoping we could send a non-fatal warning to the
client, so recent Desktop clients could handle this case gracefully. As
I think about it, I don't know of a mechanism in Morse Code to provide
non-fatal warnings; maybe we could use custom HTTP headers in the response?

But I think it's problematic for the server to fail when old desktop
clients do normal sharing activities like sharing an item in two
collections. It seems like this would happen frequently in a
fail-without-read-write-ticket world, but maybe I'm not understanding
why this wouldn't happen often?

It occurs to me that we should probably add some future proofing to the
desktop error system, so future desktop clients can display arbitrary
error messages from the server. Right now errors get logged and users
don't get much feedback about why things fail (unless they think to
mouseover the sync-failure icon). It'd be nice if after a server
upgrade we could have the server provide arbitrary messages to display
as a pop-up in the client.

Sincerely,
Jeffrey