Please add support CardDAV.

Added CardDAV to the list. Would be nice to have at one point; CalDAV is first though.

Firstly awesome job, you guys are doing. This is the most complete WedDav? solution i have seen. I look forward to it evolving into a full blown product with proper admin screens.

Can you tell me, how much support for RFC3744 there is in the current version, and what the roadmap is for further support?

I can see that there are still outstanding issuses with the RFC and it has still not been standarised.

When connecting through say windows, will the RFC3744 support in SabreDav? be respected and restrict individuals/groups?

Also another thing that just sprung to mind. Is there a way of adding a captcha to prevent web attacks? What is there stopping a brut force attack of a webdav server?

regards

RFC3744 support is decent. A lot of features are implemented, which should allow you to do most stuff you need for ACL. Things like 'deny' rules aren't supported yet, but they will come if their needed.

However, SabreDAV remains primarily a library to do WebDAV things. One of the things this implies is that an Admin interface may not come, just not part of the goals currently. In the case of ACL, you will need to implement this yourself by extending File/Directory classes and adding methods from the Sabre_DAVACL_IACL interface.

Keep in mind though that most standard WebDAV clients don't support RFC3744. While operations will be denied, this may not be reflected well in your WebDAV client of choice, and may even break.

As for your last question, the best way to prevent any type of brute force attacks, is probably to implement logging-in throttling. You'd currently do that by creating your own Auth backend, and implement that there. Any sort of captcha would not be supported by clients.