tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject [PROPOSAL] Tomcat 10: Remove WebDAV
Date Mon, 07 Oct 2019 14:54:30 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

All,

I recently gave a presentation on locking-down Apache Tomcat[1] and I
briefly discussed the "sharp edges" present in Tomcat. Some of them
are unnecessarily sharp and may be actually unnecessary. I'm going to
make a few proposals to remove functions from Tomcat.

Proposal: Remove WebDAV

Justification:

WebDAV is a protocol that never really took off[2]. Read-only WebDAV
can practically be replaced by standard HTTP GET and read-write WebDAV
has a host of security problems. There are better solutions to
supporting WebDAV than using the Tomcat module.

A recent search of the users mailing list shows only 10 threads
regarding WebDAV in the past 6 years.

- -chris


[1] http://tomcat.apache.org/presentations.html#latest-locking-down-tomc
at
[2] And yet I love WebDAV very much and wish it has better support on
Windows

-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl2bUaYACgkQHPApP6U8
pFgpvw//fpgWZWxg+c0PsXqQK/Vyw5EBDxjq4ulXVxpO2MMI7On2iP7DaUUfCIPR
bd1ijbOEjydIHeD2Gu4hj+I9as2/avTjkVlzi3fhWsLypHWJ9x0vw+M9elJBapTY
+FtMj1e4U2QPvf98lDyaBMoSHCDIBZbGq0E5AlDVwjgCgJmxzT1FNQJI90gGwtiw
PYsLaNuMZc2gwzgyQ3978kL4zwFG3gWVSexNfiI2g3GEvpUhfh7fitskxwN8rILU
l/HJCJ6HiCRoISWwIPE/m+yAFzaYcWtcBaQzx5IiiJTG1LLSiLO79M6Sj6bnYDSG
UxEfjmbgbklV0HAlnHfjA85sfLw/mPayumcaTwxMdB5VAMe45UaAF16G4vtReuaA
zlU6TVQ/5L0W4+eB30jfKNOVMnUde2iHNRIqOXDsvUV5f7Hp553ehxT+584RPVKP
Kk9CW+wwPCgJkB/gVsopM9SElhzoYcmeNB1h5zKBsBcafQzmkzGAonS3qdYdMo2u
FjVjrUVWocntuqUc5e37mm0KbzrWQstQBjmISOzAJc8ikYOghPZSgskuKEzMp3Sz
KLkyEaLluR5Jd9N89M8Ivp0xJixLYyQJ5LlmWGnTTiH8i36LilhL9FXlQZKPdV7r
irl/hJDrHu7VzQQtAet+AZAUBhdnE/zqtyoDV1pKXQjYHrFIF40=
=pQ5N
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message