-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mark,

On 7/22/15 1:18 PM, Mark Thomas wrote:
> On 08/07/2015 16:22, André Warnier wrote:
> 
> <snip />
> 
>> With respect, you both don't get it.  MS support is deliberately 
>> pitiful, to emphasize the fact that MS software is by definition 
>> bug-free and does not really need support.
> 
> I've had several extremely frustrating telephone calls this
> afternoon where various levels of Microsoft staff repeating their
> position that the WebDAV client is "working as designed" and that
> prompting for authentication is a perfectly reasonable response
> when trying to connect to a server that does not require
> authentication but does have a cert issued by a CA the client
> doesn't trust.

Yep: "working as designed" means "we designed it to work with our own
products under the conditions we ave specified, and nuts to you if you
want something different." Otherwise known as the "standards be
damned" design principle. I don't know why anyone is surprised, here.

> So far the minor security vulnerability (details to follow once 
> Microsoft provide their final response in writing) is "working as 
> designed" as well. Hmm. "Microsoft Windows - insecure by design".
> There is a nice strap line. I wonder if their marketing folks would
> like to use it. I'd be happy to offer them a royalty free license.
> 
> I've asked MS to provide the justification for this position in
> writing - mainly because I intend writing up a blog post to make
> clear to those who haven't already figured it out that the
> Microsoft WebDAV client is, despite the improvements in recent
> Windows versions, still buggy and - more importantly - Microsoft
> are point blank refusing to fix obvious bugs and (minor) security
> vulnerabilities.
> 
> I recall that someone on this list said that they had switched to a
> 3rd party WebDAV client and hadn't looked back since. Could that
> person remind me what that client was. I'd be happy to give it a
> plug in the blog post.

South River Technologies' WebDrive. It's a remote filesystem driver
that creates a drive letter which maps to some remote share and
supports (proper) WebDAV(S) including proper file-locking (as well as
local caching of files with lots of configuration options),
(S)FTP/FTP(S), Amazon S3, Google Drive, DropBox, SharePoint, and
something called "OneDrive", which I've never heard of.

I've never used WebDrive for anything other than WebDAV; I'm not sure
how great it is for those other protocols, but I suspect it will
perform well. Their tech support folks were even kind enough to walk
one of my users through the installation and configuration of the
software when she called to ask how to download the installer.

http://www.southrivertech.com/products/webdrive/

(Note: I have no financial interest in SRT. I'm just a happy user of
their product.)

> I'll also be updating the Tomcat docs to make it clear that the 
> Microsoft WebDAV client is unsupported and I'll be removing the
> WebDAV fix valve from Tomcat 9 onwards since it fixes bugs in old,
> unsupported MS WebDAV clients and there is no way to fix issues
> like the current one on the server side. I'll be asking httpd to
> add a similar note regarding the supportability of the MS WebDAV
> client.

+1

I just sent an email to the folks running http://webdav.org/ about
Tomcat itself as well as WebDrive.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJVr+PrAAoJEBzwKT+lPKRYkwUP/RRE/FZ6WYLlsox2TJ5BHKrP
Ns/Ke7SiQ7cDfY7Da7lUjRxOYjlVI6LeLDMENsDSkPGWRU76lUDqVFiLGc3VqHpL
KQJlERQ7Qu8Byc8UIz3r6gnnZtNpZTmEk4mHhLr8f9LZ9+MABakgmT3nHWt9utdK
X9lyBz3FY9y8stnwhDyXau5tUBUhiM4bA0gy38cqynSQEl2UL92NTAz/cwj13NEZ
6lODrV1wR7bONi2FOeCwfEghq13RaGStdRPTtCI/C7UtG+1eCbicCv9Zjx/+0u13
yNJkUJAUNeSyE5ahFLbiz/WtUTUMulWTSU0uLXs3K0B2fpK3FQU26UYFZPVBMhG1
qNXOcHkdjzoYbfxSTwxsrnrk55daf7bdwjPJ5S/Ljz2nythXGzcZJpq9idNS+9VE
5hYsGd5kxyX1FPUn3/nBNcXBsaf2CgEMM1CEJgLIZqXFcRpV5QNZy0OafUUC1FZX
qSHJUJDhvYfuUZ6xK89yidSEiKmHgYPG7hNGgQWe4EbQ1SLLdYpQwRQODrJ3selp
Rvq2Qy7pZW1qP454gu1xHIuyGNgoCLzrY60knIr68OzQ96vSSGRC29hWPAEOpeh6
qbYG/s86jxq4FRPnxhSVvf8WJme7O4nmafn4c0D1WVGRH16V1bc4PWMTuwf8bV/j
2d85aDMdyUVpUiyMtrgA
=hV9K
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to