On Mon, Oct 7, 2019 at 5:05 PM Mark Thomas <ma...@apache.org> wrote: > > All, > > > > I recently gave a presentation on locking-down Apache Tomcat[1] and I > > briefly discussed the "sharp edges" present in Tomcat. Some of them > > are unnecessarily sharp and may be actually unnecessary. I'm going to > > make a few proposals to remove functions from Tomcat. > > > > Proposal: Remove WebDAV > > > > Justification: > > > > WebDAV is a protocol that never really took off[2]. Read-only WebDAV > > can practically be replaced by standard HTTP GET and read-write WebDAV > > has a host of security problems. There are better solutions to > > supporting WebDAV than using the Tomcat module. > > > > A recent search of the users mailing list shows only 10 threads > > regarding WebDAV in the past 6 years. > > I'm not so sure on this one. There are times when being able to set up a > platform independent read/write file share can be useful. Generally, > inside trusted environments. >
I'd also think WebDAV support can stay. If the protocol wasn't a bigger success it's IMO all Microsoft's fault, since they insist(ed) on having non compliant impls. So using it in practice has always been harder for users. It should have been better overall since WebDAV (and extensions) are HTTP and benefit from all the security layers and ease of use there. Rémy > > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
