Mark,

On 7/22/15 1:18 PM, Mark Thomas wrote:
> On 08/07/2015 16:22, André Warnier wrote:
>
> <snip />
>
>> With respect, you both don't get it. MS support is deliberately
>> pitiful, to emphasize the fact that MS software is by definition
>> bug-free and does not really need support.
>
> I've had several extremely frustrating telephone calls this
> afternoon where various levels of Microsoft staff repeating their
> position that the WebDAV client is "working as designed" and that
> prompting for authentication is a perfectly reasonable response
> when trying to connect to a server that does not require
> authentication but does have a cert issued by a CA the client
> doesn't trust.

Yep: "working as designed" means "we designed it to work with our own
products under the conditions we have specified, and nuts to you if you
want something different." Otherwise known as the "standards be damned"
design principle. I don't know why anyone is surprised, here.

> So far the minor security vulnerability (details to follow once
> Microsoft provide their final response in writing) is "working as
> designed" as well. Hmm. "Microsoft Windows - insecure by design".
> There is a nice strap line. I wonder if their marketing folks would
> like to use it. I'd be happy to offer them a royalty free license.
>
> I've asked MS to provide the justification for this position in
> writing - mainly because I intend writing up a blog post to make
> clear to those who haven't already figured it out that the
> Microsoft WebDAV client is, despite the improvements in recent
> Windows versions, still buggy and - more importantly - Microsoft
> are point blank refusing to fix obvious bugs and (minor) security
> vulnerabilities.
>
> I recall that someone on this list said that they had switched to a
> 3rd party WebDAV client and hadn't looked back since. Could that
> person remind me what that client was. I'd be happy to give it a
> plug in the blog post.

South River Technologies' WebDrive.

It's a remote filesystem driver that creates a drive letter which maps
to some remote share and supports (proper) WebDAV(S) including proper
file-locking (as well as local caching of files with lots of
configuration options), (S)FTP/FTP(S), Amazon S3, Google Drive,
DropBox, SharePoint, and something called "OneDrive", which I've never
heard of. I've never used WebDrive for anything other than WebDAV; I'm
not sure how great it is for those other protocols, but I suspect it
will perform well. Their tech support folks were even kind enough to
walk one of my users through the installation and configuration of the
software when she called to ask how to download the installer.

http://www.southrivertech.com/products/webdrive/

(Note: I have no financial interest in SRT. I'm just a happy user of
their product.)

> I'll also be updating the Tomcat docs to make it clear that the
> Microsoft WebDAV client is unsupported and I'll be removing the
> WebDAV fix valve from Tomcat 9 onwards since it fixes bugs in old,
> unsupported MS WebDAV clients and there is no way to fix issues
> like the current one on the server side. I'll be asking httpd to
> add a similar note regarding the supportability of the MS WebDAV
> client.

+1

I just sent an email to the folks running http://webdav.org/ about
Tomcat itself as well as WebDrive.

-chris