From: Junio C Hamano <gitster@pobox.com>
To: "Shawn O. Pearce" <spearce@spearce.org>
Cc: git@vger.kernel.org
Subject: Re: [RFC PATCH v4 14/26] Add stateless RPC options to upload-pack, receive-pack
Date: Wed, 28 Oct 2009 20:42:31 -0700 [thread overview]
Message-ID: <7vd446dfx4.fsf@alter.siamese.dyndns.org> (raw)
In-Reply-To: <1256774448-7625-15-git-send-email-spearce@spearce.org> (Shawn O. Pearce's message of "Wed\, 28 Oct 2009 17\:00\:36 -0700")
"Shawn O. Pearce" <spearce@spearce.org> writes:
> When --stateless-rpc is passed as a command line parameter to
> upload-pack or receive-pack the programs now assume they may
> perform only a single read-write cycle with stdin and stdout.
> This fits with the HTTP POST request processing model where a
> program may read the request, write a response, and must exit.
>
> When --advertise-refs is passed as a command line parameter only
> the initial ref advertisement is output, and the program exits
> immediately. This fits with the HTTP GET request model, where
> no request content is received but a response must be produced.
Is the idea to first run with --advertise-refs to get the set of refs, and
then doing another, separate run with --stateless-rpc, assuming that the
refs the other end advertised does not change in the meantime, to conclude
the business?
I suspect that two separate invocations on a (supposedly) single
repository made back-to-back can produce an inconsistent response in
verious situations (e.g. somebody pushing in the middle, or the same
hostname served by more than one mirrors) and the other end can get
confused.
I do not think there is any way to avoid it, short of adding to the second
request some "cookie" that allows the second requestee to verify that the
request is based on what he would give to the requester if this request
were the first step of the request made to him, iow, his state did not
change in the middle since the first request was made (either to him or to
the equivalent mirror sitting next to himm).
I wouldn't worry too much about this if the only negative effect could be
that the requestor's second request may result in an error, but I am
wondering if this can be used to attack the requestee.
next prev parent reply other threads:[~2009-10-29 3:43 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-29 0:00 [RFC PATCH v4 00/26] Return of smart HTTP Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 01/26] http-push: fix check condition on http.c::finish_http_pack_request() Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 02/26] pkt-line: Add strbuf based functions Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 03/26] pkt-line: Make packet_read_line easier to debug Shawn O. Pearce
2009-10-29 3:27 ` Junio C Hamano
2009-10-29 15:11 ` Shawn O. Pearce
2009-10-29 20:43 ` Junio C Hamano
2009-10-29 21:58 ` Shawn O. Pearce
2009-10-30 17:57 ` Jeff King
2009-10-30 19:12 ` Shawn O. Pearce
2009-10-30 19:30 ` Jeff King
2009-10-30 19:31 ` David Brown
2009-10-30 19:35 ` Junio C Hamano
2009-10-29 0:00 ` [RFC PATCH v4 04/26] fetch-pack: Use a strbuf to compose the want list Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 05/26] Move "get_ack()" back to fetch-pack Shawn O. Pearce
2009-10-29 3:24 ` Junio C Hamano
2009-10-29 15:08 ` Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 06/26] Add multi_ack_detailed capability to fetch-pack/upload-pack Shawn O. Pearce
2009-10-29 5:57 ` Junio C Hamano
2009-10-29 16:17 ` Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 07/26] remote-curl: Refactor walker initialization Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 08/26] fetch: Allow transport -v -v -v to set verbosity to 3 Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 09/26] remote-helpers: Fetch more than one ref in a batch Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 10/26] remote-helpers: Support custom transport options Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 11/26] Move WebDAV HTTP push under remote-curl Shawn O. Pearce
2009-10-30 15:02 ` Tay Ray Chuan
2009-10-31 0:09 ` Shawn O. Pearce
2009-10-30 16:10 ` Tay Ray Chuan
2009-10-30 19:06 ` Clemens Buchacher
2009-10-30 23:20 ` Tay Ray Chuan
2009-10-29 0:00 ` [RFC PATCH v4 12/26] remote-helpers: return successfully if everything up-to-date Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 13/26] Git-aware CGI to provide dumb HTTP transport Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 14/26] Add stateless RPC options to upload-pack, receive-pack Shawn O. Pearce
2009-10-29 3:42 ` Junio C Hamano [this message]
2009-10-29 15:26 ` Shawn O. Pearce
2009-10-29 20:43 ` Junio C Hamano
2009-10-30 23:59 ` Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 15/26] Smart fetch and push over HTTP: server side Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 16/26] http-backend: add GIT_PROJECT_ROOT environment var Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 17/26] http-backend: reword some documentation Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 18/26] http-backend: use mod_alias instead of mod_rewrite Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 19/26] http-backend: add example for gitweb on same URL Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 20/26] http-backend: more explict LocationMatch Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 21/26] Discover refs via smart HTTP server when available Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 22/26] Smart push over HTTP: client side Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 23/26] Smart fetch " Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 24/26] Smart HTTP fetch: gzip requests Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 25/26] t5540-http-push: remove redundant fetches Shawn O. Pearce
2009-10-29 0:00 ` [RFC PATCH v4 26/26] test smart http fetch and push Shawn O. Pearce
2009-10-29 0:31 ` Clemens Buchacher
2009-10-29 14:32 ` Shawn O. Pearce
2009-10-29 3:20 ` Junio C Hamano
2009-10-29 14:37 ` Shawn O. Pearce
2009-10-29 14:56 ` Shawn O. Pearce
2009-10-30 22:21 ` Junio C Hamano
2009-10-30 22:59 ` Shawn O. Pearce
2009-10-30 16:10 ` Tay Ray Chuan
2009-10-31 0:13 ` Shawn O. Pearce
2009-10-29 8:12 ` [RFC PATCH v4 00/26] Return of smart HTTP Jakub Narebski
2009-10-29 15:28 ` Shawn O. Pearce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7vd446dfx4.fsf@alter.siamese.dyndns.org \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=spearce@spearce.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).