|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
WebDav Questions
webappsecquestions
hushmail.com
Date: Sun Sep 07 2003 - 18:22:55 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I wonder if anyone can help me with a explanation of WebDav security
?
Am I right in saying that despite underlying file permissions, if WebDav
is enabled an attacker just needs to guess a username and password using
regular HTTP authentication to execute the method ? ie if delete is enabled,
do I just have to guess the username and password to delete the index
page.
Can WebDav permissions / methods be set up on a per file basis or a per
server basis?
What does the connect method allow ?
Any good papers about WebDav security ?
Any good tools for exploiting WebDav (exploiting the HTTP methods etc,
not the implementations)
Thanks
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434
Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]