On 08/07/2015 16:22, André Warnier wrote: <snip />
> With respect, you both don't get it. MS support is deliberately > pitiful, to emphasize the fact that MS software is by definition > bug-free and does not really need support. I've had several extremely frustrating telephone calls this afternoon where various levels of Microsoft staff repeating their position that the WebDAV client is "working as designed" and that prompting for authentication is a perfectly reasonable response when trying to connect to a server that does not require authentication but does have a cert issued by a CA the client doesn't trust. So far the minor security vulnerability (details to follow once Microsoft provide their final response in writing) is "working as designed" as well. Hmm. "Microsoft Windows - insecure by design". There is a nice strap line. I wonder if their marketing folks would like to use it. I'd be happy to offer them a royalty free license. I've asked MS to provide the justification for this position in writing - mainly because I intend writing up a blog post to make clear to those who haven't already figured it out that the Microsoft WebDAV client is, despite the improvements in recent Windows versions, still buggy and - more importantly - Microsoft are point blank refusing to fix obvious bugs and (minor) security vulnerabilities. I recall that someone on this list said that they had switched to a 3rd party WebDAV client and hadn't looked back since. Could that person remind me what that client was. I'd be happy to give it a plug in the blog post. I'll also be updating the Tomcat docs to make it clear that the Microsoft WebDAV client is unsupported and I'll be removing the WebDAV fix valve from Tomcat 9 onwards since it fixes bugs in old, unsupported MS WebDAV clients and there is no way to fix issues like the current one on the server side. I'll be asking httpd to add a similar note regarding the supportability of the MS WebDAV client. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
