> All, > > I recently gave a presentation on locking-down Apache Tomcat[1] and I > briefly discussed the "sharp edges" present in Tomcat. Some of them > are unnecessarily sharp and may be actually unnecessary. I'm going to > make a few proposals to remove functions from Tomcat. > > Proposal: Remove WebDAV > > Justification: > > WebDAV is a protocol that never really took off[2]. Read-only WebDAV > can practically be replaced by standard HTTP GET and read-write WebDAV > has a host of security problems. There are better solutions to > supporting WebDAV than using the Tomcat module. > > A recent search of the users mailing list shows only 10 threads > regarding WebDAV in the past 6 years.
I'm not so sure on this one. There are times when being able to set up a platform independent read/write file share can be useful. Generally, inside trusted environments. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
