[dev] WebDAV/CalDAV integration - first questions

[Evert Pot]

On 2009-09-25, at 5:33 PM, Chuck Hagenbuch wrote:

>>
>>
>> /horde/rpc.php/webdav
>> /horde/webdav.php
>>
>> Or I can combine both the WebDAV and CalDAV directory structure.  
>> The latter might be a bit slower, due to the extra hook-ins the  
>> CalDAV-related plugins have.
>
> I know Jan likes the auto-detection, but I wonder if different  
> endpoints make some sense here. Having a combined endpoint for  
> webdav and caldav of [horde-prefix]/dav/ sounds good to me. How does  
> that work?

I'd prefer to follow the consensus, but I tend to agree. RPC !=  
WebDAV, digging into the code further I've also noticed both the RPC  
and WebDAV elements share the same setup. Although there are  
similarities, it's very much a different beast, and it leads me to  
believe it's a bit of a case of over-abstraction.

>
>> =Authentication=
>>
>> Most clients seem to prefer HTTP Digest over HTTP Basic. Although  
>> HTTP Basic auth is support by virtually any client, many will give  
>> warnings if it's not used in combination with SSL.
>> I've noticed Horde uses Basic everywhere.
>>
>> If you guys want to use Digest, some changes will have to be made  
>> in the authentication system to store an extra hash.
>
> I'd be fine with supporting it, but it does require plaintext  
> passwords, which is its own risk, and not supported by every backend.

There's also the possibility of storing the 'A1' part of the hash,  
which is basically md5(username + ':' + realm + ':' + password); This  
is something that could be done down the road though, but I would  
advice anyone using webdav, to use SSL as long as HTTP Basic is used.

Evert