See parent: pwsafe
The narrative history of how pwsafe was extended with native WebDAV transport. Branch: webdav. February 2026.
pwsafe has always stored databases on the local filesystem. To access a remote database users needed an OS DAV mount (e.g. /z → https://webdav.critchley.biz/), which is fragile and unavailable everywhere. We added a plugin loader that intercepts pws_os::FOpen/FClose — the only two filesystem entry points in the codebase — and routes URLs through dynamically-loaded .so transport plugins. The WebDAV plugin uses libcurl and implements RFC 4918 LOCK/UNLOCK with a dedicated child process (lock daemon) that holds the server lock token safely across signal handlers and process exit. A full security audit cycle (o3, gpt-5.2, self-review) hardened the code. The result: File → Open URL… in the menu, type https://webdav.critchley.biz/test/mydb.psafe3, done.
• 01-motivation — Why we built this; the /z problem
• 02-architecture — Plugin ABI, loader, FOpen/FClose intercept
• 03-phases — How the six phases unfolded
• 04-lockd — The lock daemon (hardest problem)
• 05-security — Three security audits and what we fixed
• 06-testing — Four test suites + local wsgidav server
• 07-ask — LLM-assisted security review: how the 'ask' utility was used, pros and cons