httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo>
Subject Re: [Review] mod_dav.xml split (Revision)
Date Tue, 12 Nov 2002 21:50:07 GMT
* Joshua Slive wrote:

> 1. I'd move the more complete example that is now under the Dav directive
> up into the summary section.  There is no point in encouraging people to
> do silly things like open an unprotected DAV server.  Then in the Dav
> directive section, just include a warning to secure the server before
> enabling Dav.

ok, I've created an own example section. That doesn't belong to a summary, 
I think.

> 2. Tone down the "!" marks.  We tend to use those very rarely in formal
> english.

ok :)

> 3. No need to call SSL "even better" than digest auth.  Digest auth is
> fine.  The only advantage to SSL is that it encrypts the contents.  You
> might want to mention explictly that basic over SSL is secure.

hmm, digest auth is vulnerable to MIM attacks and can easily be faked by 
proxies. SSL is actually more secure (assuming a correct implementation).

> 5. What exactly needs to be done to get lockview in the right place?  I
> can fix it if it's not too complicated, or nag someone else if it is.

some time ago, Kess complained about the missing lockview tool on the dev 
list ;-). I have the version from mod_dav 1.x here (for win32), it seems to 
work fine, but I think it should be really ported to 2.0 (and use apr + 

print "Just Another Perl Hacker";

# André Malo, <> #

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message