Educause Security Discussion mailing list archives

Re: WebDAV

From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 12 May 2005 17:57:29 -0400

Flagg, Martin D. wrote:

We have an Windows Administrator here that wants to use webDAV using IIS
to open up all file access to the Internet.  The interface is very nice
but I am concerned about security.  I looking for solid technical pros
and cons of this idea.  The Front-end is a Windows 2003 running IIS
connecting to Windows 2000 files servers.  I know doing this with Unix
would be better but I have no control of that, if it is done it will be
Windows.  Also, any suggestions for securing it better would be
appreciated.


Besides technical issues, you also have to educate
computer operators that dragging a document into
"that folder" will instantly publish it to the world.

That is not something to be taken lightly and can
quickly result in a mistake getting cached all over
the net. It can take days to purge.


--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

WebDAV Flagg, Martin D. (May 11)
- <Possible follow-ups>
- Re: WebDAV Hunter, Laura E. (May 11)
- Re: WebDAV Cal Frye (May 11)
- Re: WebDAV Gary Flynn (May 12)
- Re: WebDAV Dave Koontz (May 12)
- Re: WebDAV Valdis Kletnieks (May 12)
- Re: WebDAV Flagg, Martin D. (May 13)
- Re: WebDAV Valdis Kletnieks (May 13)