WebApp Sec mailing list archives

WebDav Questions


From: <webappsecquestions () hushmail com>
Date: Sun, 7 Sep 2003 16:22:55 -0700

I wonder if anyone can help me with an explanation of WebDav security?

Am I right in saying that despite underlying file permissions, if WebDav
is enabled an attacker just needs to guess a username and password using
regular HTTP authentication to execute the method? I.e. if delete is enabled,
do I just have to guess the username and password to delete the index
page?

Can WebDav permissions / methods be set up on a per file basis or a per
server basis?

What does the connect method allow?

Any good papers about WebDav security?

Any good tools for exploiting WebDav (exploiting the HTTP methods etc.,
not the implementations)?

Thanks


