[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WebDAV or something better?



Quoting Ken Keefe <kaje@digitalfamily.org>:

> I am quickly finishing up a book on Apache 2 and it got to a section on
> publishing extensions and methods. The book talked about DAV for quite
> some time. It appears to me that DAV is like CVS, but for documents. Is
> that a correct assessment?
> 
> The book neglected to mention anything about security with DAV. Is this
> a secure protocol? I am mentally planning a web server that will host
> about a dozen personal/family sites and I would like a secure method of
> publishing. 
> 
> I personally sftp/scp everything to my personal server. As this server
> will have Linux and Windows users, I am looking for something like DAV
> appears to be, but I want to make sure that it is secure. If there is
> some other method that most people use, I'm all ears. I don't want to
> require people to go out and buy sftp clients for Windows. Any thoughts
> on the matter would be welcome.
> 
DAV had the promise to become like CVS for documents.  I don't know how far the
versioning made it into the standard (I haven't used DAV too recently).

DAV is not a protocol unto itself but rather a set of extenstions for your HTTP
or HTTPS server to use to communicate with an HTTP or HTTPS client.  If you're
worried about over-the-wire security, SSL will help greatly.  As for security
on the server side, all of the files will need to be writeable but the web
server user.  You can use htaccess to control various methods (such as GET,
POST, PUT, etc) for directories and resources on the server but the user as
whom the daemon runs has to be able to write to the files to be able to
publish.

I think it's a really handy way to enable people who aren't terribly
web-literate to publish from Office and similar software by simply entering in
the URL of the site, their username, and their password.  I've used it in the
past for collaborative websites and just advise that you use something like
htaccess or some other module to let you pick and choose who can put documents
up to which directories.

It's not as locked down as requiring SCP with encryption and only allowing
certain IPs to publish after they've portknocked a ten port combination but it
does enable easy cooperation on web sites.


Ken Hagan
Technology Consultant
Alacrity-IT, Inc
http://www.alacrity-it.com/
618.499.0108

----------------------------------------------------------------
This message was sent using Alacrity-IT Webmail
	http://www.alacrity-it.com/

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.