Mark Thomas wrote:
On 08/07/2015 16:22, André Warnier wrote:
<snip />
With respect, you both don't get it. MS support is deliberately
pitiful, to emphasize the fact that MS software is by definition
bug-free and does not really need support.
I've had several extremely frustrating telephone calls this afternoon
where various levels of Microsoft staff repeating their position that
the WebDAV client is "working as designed" and that prompting for
authentication is a perfectly reasonable response when trying to connect
to a server that does not require authentication but does have a cert
issued by a CA the client doesn't trust.
So far the minor security vulnerability (details to follow once
Microsoft provide their final response in writing) is "working as
designed" as well. Hmm. "Microsoft Windows - insecure by design". There
is a nice strap line. I wonder if their marketing folks would like to
use it. I'd be happy to offer them a royalty free license.
I've asked MS to provide the justification for this position in writing
- mainly because I intend writing up a blog post to make clear to those
who haven't already figured it out that the Microsoft WebDAV client is,
despite the improvements in recent Windows versions, still buggy and -
more importantly - Microsoft are point blank refusing to fix obvious
bugs and (minor) security vulnerabilities.
I recall that someone on this list said that they had switched to a 3rd
party WebDAV client and hadn't looked back since. Could that person
remind me what that client was. I'd be happy to give it a plug in the
blog post.
If that person was me, I was mentioning WebDrive
(http://www.southrivertech.com/products/webdrive/)
I'll also be updating the Tomcat docs to make it clear that the
Microsoft WebDAV client is unsupported and I'll be removing the WebDAV
fix valve from Tomcat 9 onwards since it fixes bugs in old, unsupported
MS WebDAV clients and there is no way to fix issues like the current one
on the server side. I'll be asking httpd to add a similar note regarding
the supportability of the MS WebDAV client.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
