William McVey wrote: >>Severe problems have already been reported with CMS (other than Plone >>which has never been tested) using WebDAV as their protocol for >>publishing documents. > > > Were the reported problems with using XXE against the Zope CMS found to > be errors attributable to the Zope WebDav implementation? I've used > WebDAV to publish Zope objects with no problem, and I've found that the > Zope developers are pretty receptive to bug reports.
No, we have never tested XXE against the Zope CMS. May be it works... We regularly test XXE against Apache mod_dav and the WebDAV extension of Windows 2003 IIS. We don't have the resources to test XXE against any other WebDAV implementation. However, because we have been urged to do so, we have tested XXE against a commercial CMS and had a lot of problems because: * this CMS wants documents to be published using simple PUTs; * XXE publishes its documents using ``PUT to a temporary file then, if success, MOVE Overwrite=T temp_file published_file'', otherwise DELETE tmp_file.
