tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: [OT] Re: SSL configuration using PFX as keystore
Date Wed, 22 Jul 2015 21:14:16 GMT
Mark Thomas wrote:
> On 08/07/2015 16:22, André Warnier wrote:
> <snip />
>> With respect, you both don't get it.  MS support is deliberately
>> pitiful, to emphasize the fact that MS software is by definition
>> bug-free and does not really need support.
> I've had several extremely frustrating telephone calls this afternoon
> where various levels of Microsoft staff repeating their position that
> the WebDAV client is "working as designed" and that prompting for
> authentication is a perfectly reasonable response when trying to connect
> to a server that does not require authentication but does have a cert
> issued by a CA the client doesn't trust.
> So far the minor security vulnerability (details to follow once
> Microsoft provide their final response in writing) is "working as
> designed" as well. Hmm. "Microsoft Windows - insecure by design". There
> is a nice strap line. I wonder if their marketing folks would like to
> use it. I'd be happy to offer them a royalty free license.
> I've asked MS to provide the justification for this position in writing
> - mainly because I intend writing up a blog post to make clear to those
> who haven't already figured it out that the Microsoft WebDAV client is,
> despite the improvements in recent Windows versions, still buggy and -
> more importantly - Microsoft are point blank refusing to fix obvious
> bugs and (minor) security vulnerabilities.
> I recall that someone on this list said that they had switched to a 3rd
> party WebDAV client and hadn't looked back since. Could that person
> remind me what that client was. I'd be happy to give it a plug in the
> blog post.

If that person was me, I was mentioning WebDrive 

> I'll also be updating the Tomcat docs to make it clear that the
> Microsoft WebDAV client is unsupported and I'll be removing the WebDAV
> fix valve from Tomcat 9 onwards since it fixes bugs in old, unsupported
> MS WebDAV clients and there is no way to fix issues like the current one
> on the server side. I'll be asking httpd to add a similar note regarding
> the supportability of the MS WebDAV client.
> Mark
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message