[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] Re: WebDAV
From: |
Robin Green |
Subject: |
Re: [Gnu-arch-users] Re: WebDAV |
Date: |
Fri, 9 Apr 2004 20:26:36 +0100 |
User-agent: |
Mutt/1.5.4i |
On Fri, Apr 09, 2004 at 02:00:37PM -0400, Eric S. Johansson wrote:
> OK, this looks fairly simple. In its raw form it's probably read/write
> without authentication from your comments about .htaccess. first
> question: how can we make it more failsafe to prevent unintended
> unrestricted write access? Second, what authentication systems can we
> use that aren't so fragile as HTTP basic authentication?
HTML forms or whatever you want, over HTTPS?
But then, unless you pay a well-known CA, you have the "man in the middle
stealing your password using a fake certificate" vulnerability, which is
why it's better to use sftp IMO.
> Can we use
> digest? http://httpd.apache.org/docs/howto/auth.html#digest
Hmm, sounds like it might actually be more secure than HTTPS in practice
for this purpose, because the password can't be stolen even by a man
in the middle, and nor can a man in the middle interfere with a request.
Another possibility is chrootssh.sf.net :) I like that one best actually,
because a simple chroot with only like 3 archives in it would be
really really easy to manage.
> it would be preferable if the webdav methods supported some form of
> cookie system.
Why? Efficiency? With chrootssh you would get the efficiency by only having
to authenticate once.
--
Robin
pgppPbzXDoGLL.pgp
Description: PGP signature
- Re: [Gnu-arch-users] Re: WebDAV, (continued)
- Re: [Gnu-arch-users] Re: WebDAV, Colin Walters, 2004/04/09
- [Gnu-arch-users] Re: WebDAV, Eric S. Johansson, 2004/04/09
- [Gnu-arch-users] Re: WebDAV, Colin Walters, 2004/04/09
- [Gnu-arch-users] Re: WebDAV, Eric S. Johansson, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV, Aaron Bentley, 2004/04/09
- [Gnu-arch-users] Re: WebDAV, Eric S. Johansson, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV, Robin Green, 2004/04/09
- [Gnu-arch-users] Re: WebDAV, Eric S. Johansson, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV, Dustin Sallings, 2004/04/09
- [Gnu-arch-users] Re: WebDAV, Eric S. Johansson, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV,
Robin Green <=
- Re: [Gnu-arch-users] Re: WebDAV, Charles Duffy, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV, Colin Walters, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV, Robin Green, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV, Colin Walters, 2004/04/09
- Re: [Gnu-arch-users] Re: WebDAV, Andrew Suffield, 2004/04/09