Educause Security Discussion mailing list archives
Re: WebDAV
From: Dave Koontz <dkoontz () MBC EDU>
Date: Thu, 12 May 2005 18:52:45 -0400
Gary, I agree completely! However, I can make the same argument for most any file transfer protocol, including FTP, SFTP, Front Page Server Extensions, Macromedia Contribute, etc. So, I guess to change the question slightly, what is the best mechanism to allow users to update their own personal or departmental web sites on IIS. Apache or any other web server, and is compatable with any client OS and authoring product? --- Dave Koontz Associate Director CIS Mary Baldwin College Staunton, Virginia -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn Sent: Thursday, May 12, 2005 5:57 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] WebDAV Flagg, Martin D. wrote:
We have an Windows Administrator here that wants to use webDAV using IIS to open up all file access to the Internet. The interface is very nice but I am concerned about security. I looking for solid technical pros and cons of this idea. The Front-end is a Windows 2003 running IIS connecting to Windows 2000 files servers. I know doing this with Unix would be better but I have no control of that, if it is done it will be Windows. Also, any suggestions for securing it better would be appreciated.
Besides technical issues, you also have to educate computer operators that dragging a document into "that folder" will instantly publish it to the world. That is not something to be taken lightly and can quickly result in a mistake getting cached all over the net. It can take days to purge. -- Gary Flynn Security Engineer James Madison University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- WebDAV Flagg, Martin D. (May 11)
- <Possible follow-ups>
- Re: WebDAV Hunter, Laura E. (May 11)
- Re: WebDAV Cal Frye (May 11)
- Re: WebDAV Gary Flynn (May 12)
- Re: WebDAV Dave Koontz (May 12)
- Re: WebDAV Valdis Kletnieks (May 12)
- Re: WebDAV Flagg, Martin D. (May 13)
- Re: WebDAV Valdis Kletnieks (May 13)