Re: WebDAV

[Dave Koontz <dkoontz () MBC EDU>]

Gary, I agree completely!  However, I can make the same argument for most
any file transfer protocol, including FTP, SFTP, Front Page Server
Extensions, Macromedia Contribute, etc.

So, I guess to change the question slightly, what is the best mechanism to
allow users to update their own personal or departmental web sites on IIS.
Apache or any other web server, and is compatable with any client OS and
authoring product?


---
Dave Koontz
Associate Director CIS
Mary Baldwin College
Staunton, Virginia


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn
Sent: Thursday, May 12, 2005 5:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] WebDAV

Flagg, Martin D. wrote:

> We have an Windows Administrator here that wants to use webDAV using
> IIS to open up all file access to the Internet.  The interface is very
> nice but I am concerned about security.  I looking for solid technical
> pros and cons of this idea.  The Front-end is a Windows 2003 running
> IIS connecting to Windows 2000 files servers.  I know doing this with
> Unix would be better but I have no control of that, if it is done it
> will be Windows.  Also, any suggestions for securing it better would
> be appreciated.

Besides technical issues, you also have to educate computer operators that
dragging a document into "that folder" will instantly publish it to the
world.

That is not something to be taken lightly and can quickly result in a
mistake getting cached all over the net. It can take days to purge.


--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.