Yep. WebDAV is generally a configuration option on an existing HTTP server rather than a whole new server. There’s a chance that WebDAV-specific codepaths could enable some attacks that wouldn’t otherwise be possible, but the fact that the vast majority of its code is shared with the rest of the HTTP server’s functionality makes the chance of that happening minuscule compared to running a whole separate codebase. /a > On Nov 17, 2020, at 08:16, ned+ietf@xxxxxxxxxxxxxxxxx wrote: > > (3) There is concern over the attack surface of an FTP server, but in > practically the same breath (message) people are considering getting > back some functionality by deploying WebDAV.