-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Michael,
On 10/9/19 11:36, Michael Osipov wrote: > Am 2019-10-07 um 16:54 schrieb Christopher Schultz: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 >> >> All, >> >> I recently gave a presentation on locking-down Apache Tomcat[1] >> and I briefly discussed the "sharp edges" present in Tomcat. Some >> of them are unnecessarily sharp and may be actually unnecessary. >> I'm going to make a few proposals to remove functions from >> Tomcat. >> >> Proposal: Remove WebDAV >> >> Justification: >> >> WebDAV is a protocol that never really took off[2]. > > From where do you take this? We, at work, use it all the time. > Either from Sharepoint, or a new project with mod_dav. Just because you use it doesn't mean it's widely-used. We use it at $work as well, and it's a giant pain in the neck for anyone using a Windows operating system. Linux and MacOS are totally fine, but we have to buy a separate product to get Windows clients working properly, and it's not super reliable. > Another great example is mod_dav_svn. You can access you repo with > any DAV client (except crappy Windows Explorer). Or, since svn is HTTP, you can just use plain-old HTTP. Besides, mod_dav_svn doesn't work with Tomcat. >> Read-only WebDAV can practically be replaced by standard HTTP GET >> > > No, it can't. you can't list collections with multistatus w/o > WebDAV. Meh. >> and read-write WebDAV has a host of security problems. There are >> better solutions to supporting WebDAV than using the Tomcat >> module. > > Which are? Milton.io? How about mod_dav and friends? > The only drawback I see with the current servlet is that I cannot > have arbitrary paths of my context served by this servlet. It > serves either the entire app or nothing. That's why I have resorted > to mod_dav. Okay, so someone who really wants to make DAV work has decided that Tomcat's implementation won't cut it. I fee that as further evidence that Tomcat's implementation can just die. >> A recent search of the users mailing list shows only 10 threads >> regarding WebDAV in the past 6 years. > > Maybe people are just happy with the servlet? People are super happy with the TLS implementation and ask about it all the time. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl2eNo4ACgkQHPApP6U8 pFgeow/+LzA+bwZtlK4r3cNZ5NQIlhfErzp5/EF+IcvfuRgrZKC0seLc9I0B9/GD U9FkzcyCebTaEjK4zUQKpzI8pgJUgkGj8v+EbStZSSNASrL9rZra0Lkzbqm6nXgQ 33tHE0+pqRnny9j4Ysye1L+q2m1qyTg+cVoz5h7vN2ybXsJXeT7aQklOSj5b7yJx 464s2/wF8dfhY0U6uDIHg3ixK0378kptixfbQMuB/fHMoHkQRNznfayvjAoRiTGn EfeD+w4HsS9r46JdmnB5OMIPjPcbSuCI4OuSLzkEaiYvdcgN5F4CZMQdua3MJWaB P8g0dkhC3FzLf/LoXfOa9GmjUuer+TuaFKPLjTKCHF1SBhQx4ZXcMjsVX4zQkvS3 JDXemUUF6eOo/doj360AQeV8B/FBzePd33R2rhSB12FG19vrSgIjlALdTg1E0H4S JeMuq7PBY44uWWJaEAMAg/LghWCyc3RICZi58htydUO/fnF4LA90kNz8RlSQ18Wg iozFCeCQCQdbd6MuOqe+irU1+kAPvyezEd2YIU/S5TjD17PqE/6cZgEPzZRUrFc7 Z+JB6kBsGNJ9fVXMYqx4VBLx5lcaIy942fft5UiNqMsPaUT686R68Oj1WKJGbMgF d0h93S14V8d02H+H9SFkV1oP2KOvILRhs3fJTFZLXZ/kU2CBBYU= =f/+q -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
