WebApp Sec mailing list archives
RE: HTTP CONNECT and WebDav Authentication
From: "Kevin Spett" <kspett () spidynamics com>
Date: Tue, 16 Sep 2003 11:30:40 -0400
The CONNECT method is described here:
http://asg.web.cmu.edu/rfc/rfc2616.html#sec-9.9

Auth for WebDAV is handled by the webserver using normal HTTP auth solutions like Basic, Digest, integrated NTLM on IIS, etc.

Kevin Spett
SPI Labs
http://www.spidynamics.com/
-----Original Message-----
From: webappsecquestions () hushmail com [mailto:webappsecquestions () hushmail com]
Sent: Monday, September 15, 2003 10:29 PM
To: webappsec () securityfocus com
Subject: HTTP CONNECT and WebDav Authentication

Can anyone explain to me what HTTP Connect allows and how someone would exploit a site that has it enabled?

Also how does authentication work with WebDav? i.e. if the DELETE method is enabled, how does the web server authenticate a request to delete a file and where is that username and password kept?