From dev-return-202273-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org Mon Oct 7 14:54:44 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 3D1AB1804BB for ; Mon, 7 Oct 2019 16:54:44 +0200 (CEST) Received: (qmail 56013 invoked by uid 500); 7 Oct 2019 14:54:43 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 55997 invoked by uid 99); 7 Oct 2019 14:54:43 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Oct 2019 14:54:42 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 7832E1A0DEF for ; Mon, 7 Oct 2019 14:54:42 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.001 X-Spam-Level: X-Spam-Status: No, score=-0.001 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=christopherschultz-net.20150623.gappssmtp.com Received: from mx1-ec2-va.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id KVCkL21jQ3cY for ; Mon, 7 Oct 2019 14:54:38 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.222.176; helo=mail-qk1-f176.google.com; envelope-from=chris@christopherschultz.net; receiver= Received: from mail-qk1-f176.google.com (mail-qk1-f176.google.com [209.85.222.176]) by mx1-ec2-va.apache.org (ASF Mail Server at mx1-ec2-va.apache.org) with ESMTPS id 88567BC8BB for ; Mon, 7 Oct 2019 14:54:38 +0000 (UTC) Received: by mail-qk1-f176.google.com with SMTP id u184so12833816qkd.4 for ; Mon, 07 Oct 2019 07:54:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=christopherschultz-net.20150623.gappssmtp.com; s=20150623; h=to:from:autocrypt:subject:message-id:date:user-agent:mime-version :content-language:content-transfer-encoding; bh=GIlSh0Gz+lLOKy1xO0SHm6q81Y5TT07vwRncA6h+Ybg=; b=kRbUgT+bapo1co12Ag5Tbc3WvHdMCrjTgN4HIl1BlluEFy/3r53xnEFjv7ymSnp1YW sMIRF1ZKRWCjY+Rc7vNfmXN5im8vMhgFs7jfv1S2UJ6aUevj9G9hmmCnIYla+8P3KZRR daD97NmV5NF9XjwEKNqudB6/fz8uNHhvVUdsGW2R4ME9qJNgjcRhjAHpBC0YjNMirVvm mBB6FyIa1EmRGAUuK02TodOQwSWMSs/thyURlq8eyryw3olW8YHnWi0l52IjWisSbVWO bP7BjAiYrbIfsMSM8sII3++d4AleQlksz0dxR2m+lUNjhKlWstffwOFwa3w48J9ZPGFU iygg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:autocrypt:subject:message-id:date :user-agent:mime-version:content-language:content-transfer-encoding; bh=GIlSh0Gz+lLOKy1xO0SHm6q81Y5TT07vwRncA6h+Ybg=; b=XC3el+qpMsWwBW/e6tLLcpSTgzF+HJTZO/0eX+4Oct4XdKvLOyCrRqsPgr+NY/liOZ 8iJ66GMG/esMtSt2xvYGm9CK2b2R9ONeU4+ceHn8NSfRwDumkjIW9Enj5GB02YjgVVO4 t64jFpRFWtqYhDYJZq7FRW2TPapnWcBnT7H6HBBv37mX99fpCt4mdEWEhvkAj/V6DfMo Ai30PbkiTzO2XhG8ybXPLrFbYpakJWxjUjHAkPlzMAxLRuDL+lW5+tFRQ6nGAypP5m3m dNvuWPyi7Y3x0rrtAGXoF0jNL05P7kVizAlPao2P5iYjLVrIP/I2oEF+C72iVuKpQCQ3 H1Bg== X-Gm-Message-State: APjAAAWOOpMufNNG+LwhpaVBs2PPmyZrzeeN4pyfw1x5eTrM6TZ6QK9j 6MpFjop6w4bFgYKWcwam5VSfU3/qe0M= X-Google-Smtp-Source: APXvYqyrt4XA58BmqDjUAPH4KvOlofDaISJdIT8n2Iqpseid2Pxg3T7ODQyK4m31KywrFFTlM2dnWQ== X-Received: by 2002:a37:bc84:: with SMTP id m126mr23237512qkf.196.1570460071847; Mon, 07 Oct 2019 07:54:31 -0700 (PDT) Received: from Christophers-MacBook-Pro-2.local (pool-108-48-175-111.washdc.fios.verizon.net. [108.48.175.111]) by smtp.gmail.com with ESMTPSA id 62sm8157246qki.130.2019.10.07.07.54.31 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 07 Oct 2019 07:54:31 -0700 (PDT) To: Tomcat Developers List From: Christopher Schultz Autocrypt: addr=chris@christopherschultz.net; keydata= mQINBE+pgz4BEADd7qAWgqXcNltlB3aow0UneRmNSVjHKgekgs0ZXxG9l50Athksr/3bL/yg bxFB00JcM9W+UxLhKHiMSyzfeBHn9l9wAlLFKs0S91KXTUnRwGFtvgstvGROoqPgTVREklnm yW/KpzOwqSrQ5xHcogaT+XWlXmRbtFypi52Z5HGWlFWWgwx0vKBWHmQayPtCif0v1RDxfdV9 zziodn0TnpfBQsEgf9TDAjkNT8f0ecwTnhSihTDm1W5HCK7Pm5DfUtree1Oh6Ncz2ljlUO0b 3Lai9pX48eZOj7WQXPefkcv2AoUvdELkQKw3klM5YNXbXPf1KAjky+q4DQ1ydD6LkK+9cI3S TeMesTlk/tytOsaN2NH2k87sEpcumbH0AcmPFEnIYUfm4KzWdKlYA6mbV3Pk3tHSuayyJovj h/7Y7BG9p2l7D60r49hzrTPG8VxNkSliNLcSjI3QjYpfhSlqmqXyVKzdzirK1HPr1xfJStig RpLP9nWarZjoXng9N0etGwtH/8roeDPYA8x9ba1KXy/1g/i+RLx2ms+rueCpnFZxU3GZNUSp RfpdUbwCN3Zm1w5Z6SI8X2aSnWWeYzU6HMsV+P4PROnFsgxDeOpyWhyEaaVLXQtOYwcHneHb n56vSG50TkAuHs5kk/3/YDPSsqjsUPOuhKgFMh3iqMTh5DMdSwARAQABtDJDaHJpc3RvcGhl ciBTY2h1bHR6IDxjaHJpc0BjaHJpc3RvcGhlcnNjaHVsdHoubmV0PokCOgQTAQgAJAIbLwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCT6mETgIZAQAKCRDzrVyUpn9wflkxD/9IsahRqHTV /hH5nuPqVO692cQqHvPtMPO6lDb4909VN5T1i+1hFr80P0KVDL6EI78lDBJ2TThWI0o5vFdm sRlei59wsgTvkKTph5QwwOWl7OyzUDX3WbKhkNQdGf4I+/g/1s2bHaRoG30ELdL7cwUPCPrW 0KQwBy7Rtr0WbdujKOw9b/UcgyXEOE1wNcorq/E1o5/6BRYIcFQOO4sjHjGcChOpSg5ms4zb s+Xv3gOtLrbmOPRTXdvBxwJA6kkfQFHvI42kXYghTdqhBVPnHYPqUeavRsb+Yz3ghkZhj35i GfaGyXNwFBikCYjzIaj44NOkT1pU50MgIbjSJ+xoHnC20T942kekqp6wzqUM19Pa9ohsEdA1 Sf6/A7RmpZRrxSIY02ZVnGccnVjglnylVcnxrNAZC3ebxCeZPQ09FBR0Uqlsrdt7A3hlEP2F aoMTSa+hYqfWBGB7uZhcJZIsZspxm8J0txeOzYNSFDl7mF134ShRsq6dpSugCdcdeSWKliBz q0U8sIabOFLMxM0hbwkn2RG4OaurJLWXQf+7IhA/J8TizjkbdxLmR2PiTiVtrx484mpWpbF8 po/em0q/reFnL+JtOM6qlJE/Q4B6PfkchhU5vKPfmGw98t9guyw5G8YSR1rR+SOowHg4T/i2 Rezz1idKmoFpPdNFRPlOAC+d67kCDQRPqYM+ARAAzEItVpzvcgZB+faUWi54lJoA8GnVxXEe OQY+7wk/P5i9GtL0UVXC53j2F87BDVXGalKgVjEVdNY3Cyx+dJ2os65gjxd6ZK18zc6N7YZB Z00XNU9nTz5XImZzHn4VmeXYMQrKO/981nCNPlV6CVdgGg9wl1Ij5Sh8SSTb8kWSo1ngx+XX 4yJNUbfSh32yMPVGI7ZcoZLm9gdgTOOnuEkeeGs/lPvYN+1Cv/YtvkPybSOSWSdHxIVU4Iko 6V7IkM1amjdwKfoeg+CLhZsbY7VLAzVtGvaF5z4rtJtCfTfhbYD0wS8afEBcvsew1HdtYDT5 AJqojeZBGDuY7JCgALc3HCy34Zzk+mi1qwvrm5i/CBMuIvjxB2MkzhHQNUD20fzdRcoIgw4J IzbqZLlOpVFehDXzKT/h5vh+Uv7s6Rz5gP5i0Rkcghw00mRBvuN8mpQnLt4hYL22cNh/tk0L Fxda7ZaPehu7ug4E5FEB0Ifm1KV18P7Kpfu8tiSLz7rl++x73o4uv4bk1ZnjO/jFsx0KLGwq VxR276ZIwsV4WpLYvJ5fR0kqqd/TOKXGSEA0eGxWTeb/fNtkYemRVoasB1+rqjh/Rz0p20o8 elkqDhpzzhrMNzEMYkLySu7npWCeWW4Nd6097+OG9BCLO+ndGmAcupdu6WMEj2UlWsQxuCYC PgsAEQEAAYkEPgQYAQgACQUCT6mDPgIbLgIpCRDzrVyUpn9wfsFdIAQZAQgABgUCT6mDPgAK CRAc8Ck/pTykWO6WD/0XlAG4D4GwzzuOfh7DG6cm/I0vmASEJkY5ghStW4GUbYosgS/btyj/ YPWzVh4HWMvuA6YYKCuz/CM3h34dR25XmHqUdOyJOCnMJ3psdv5YsytgnEdvINZALlDdBX3G sfytgS0KnVjAc92LfJOxHAsZf4zE3SU28FMX7jCgeqO3YrvkHsZ8dzzgw3QYT0J3NcYfkflb DPBXBDGrvdUuea/w6F17pctdRdt7jE3JiLFq2F9ehXOSsIwecUlqVYiCRuxblD4cJ6gKMn0y 8zllW4GyIbf/+mNLkpKoMPYnptDvcEojluHtwbkSfF5AwgJbm6pfs9a2vpGBVko+dBXGh4/T 3qNYxeGEAsI0psEJu3EZN9dYv/ZOb69DUJ6SwEKp/L7lU7C8HoLx/MpKtuJO9OS5uuAhdBSi GqfaN9zP2NxPXSwnexVK2exy/h5sUevDsnBEHmyxe5GRSrIilyijLtlYhq2W7G95poxIFZuL Db98R+7VR9Yl9uOZ6kRBJmzp9X2oB8MDHoKe4QEuiRx/5/DNxB8i2QoTWN/BfluTSfVpO5rf jSXlaUuFOnouBrWdmbaBdg+47m4IGEz129Zdf+y+ISexQ6P16ZY1oYxYlbQSaEwk0+TJ4B0C uvMHwPF3SDH2LeRx+mK2OvwnVulvj2+WdW/rIVgwhwbKmBLj40R+Uq4zD/4iRxJ5PF1ynjxR po3Izp/ZrYWrPgtBg0jUZ8DdlAiRHCFGPpccK8RvBWXmtzF4XQsV39aPBqcE3W6IcTnIMrDi 6mnqealpfiUq+4RGNfRFN9wtgViZLy/FRWi76k+vo/Jmp7/K9JblGX48D2JL9FX0w5PXkpE4 abmY1OASQUiwoJ4n1asxwEonSaWeYbI7X5IqdvevGyfYdSn4VEywdrYGtWjsWlZ/DPofPwsI bQXGY6o+wg9lDAk2L2nVTa05XuyOooUPwKLD0WrLOIxLmcbVv/tgJG03/uI4iDitSofTKnpz E+xdpfFIyw1Mb8PO4WJi0gpHmmLUbG8AMLS+8wSDFwIA4TXQFy9suXXzLuuzML+G5h9Mo5D6 q5HsIe59lhdwk7oEPZJ1NWLfLavTENQg5ObS2YT1KaFskFxxgtcU0aBytAxTjkgGRB8UunXl NJeCuTIAUxXw41P93V4Khigc5dEOG1kEDoq0dAlAE7AbL6Vzc/Go+UwivtUil3sXADOyM9PT JjLNnye+2V0ywQncJ1AG6sxICpPKzv8oYP6xwurEuKnF8DAWEHEwT+Fb277Idv1v8uMGvltp coe7olE0O+TRUtMEwtEp4g4m8ym1rJI/yfwXtHkS8QcVBA9LRqcWEna1VPlT1pk3BSq/1xQa F/4OLScBfV2JbF93sN0SLw== Subject: [PROPOSAL] Tomcat 10: Remove WebDAV Message-ID: <338a6419-c47b-6009-6df2-8e9847a0e731@christopherschultz.net> Date: Mon, 7 Oct 2019 10:54:30 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.1.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All, I recently gave a presentation on locking-down Apache Tomcat[1] and I briefly discussed the "sharp edges" present in Tomcat. Some of them are unnecessarily sharp and may be actually unnecessary. I'm going to make a few proposals to remove functions from Tomcat. Proposal: Remove WebDAV Justification: WebDAV is a protocol that never really took off[2]. Read-only WebDAV can practically be replaced by standard HTTP GET and read-write WebDAV has a host of security problems. There are better solutions to supporting WebDAV than using the Tomcat module. A recent search of the users mailing list shows only 10 threads regarding WebDAV in the past 6 years. - -chris [1] http://tomcat.apache.org/presentations.html#latest-locking-down-tomc at [2] And yet I love WebDAV very much and wish it has better support on Windows -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl2bUaYACgkQHPApP6U8 pFgpvw//fpgWZWxg+c0PsXqQK/Vyw5EBDxjq4ulXVxpO2MMI7On2iP7DaUUfCIPR bd1ijbOEjydIHeD2Gu4hj+I9as2/avTjkVlzi3fhWsLypHWJ9x0vw+M9elJBapTY +FtMj1e4U2QPvf98lDyaBMoSHCDIBZbGq0E5AlDVwjgCgJmxzT1FNQJI90gGwtiw PYsLaNuMZc2gwzgyQ3978kL4zwFG3gWVSexNfiI2g3GEvpUhfh7fitskxwN8rILU l/HJCJ6HiCRoISWwIPE/m+yAFzaYcWtcBaQzx5IiiJTG1LLSiLO79M6Sj6bnYDSG UxEfjmbgbklV0HAlnHfjA85sfLw/mPayumcaTwxMdB5VAMe45UaAF16G4vtReuaA zlU6TVQ/5L0W4+eB30jfKNOVMnUde2iHNRIqOXDsvUV5f7Hp553ehxT+584RPVKP Kk9CW+wwPCgJkB/gVsopM9SElhzoYcmeNB1h5zKBsBcafQzmkzGAonS3qdYdMo2u FjVjrUVWocntuqUc5e37mm0KbzrWQstQBjmISOzAJc8ikYOghPZSgskuKEzMp3Sz KLkyEaLluR5Jd9N89M8Ivp0xJixLYyQJ5LlmWGnTTiH8i36LilhL9FXlQZKPdV7r irl/hJDrHu7VzQQtAet+AZAUBhdnE/zqtyoDV1pKXQjYHrFIF40= =pQ5N -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org