Article:   Serve Your iCal Calendars Using WebDAV
Subject:   pathetic security
Date:   2002-09-23 06:53:02
From:   mrprofessor
1) Using "Basic Authentication" is a BAD idea. It sends your password as cleartext over the internet (where anyone can steal it).


"Digest Authentication" is just as easy (or difficult) to set up, and is more secure.


Since digest authentication (the version used by the mod_auth_digest Apache module) is supported by iCal and by major current browsers like Mozilla and IE, there's no reason NOT to use it.


2) Also, I would use a limit statement like


<LimitExcept GET HEAD OPTIONS>
require user joe
</LimitExcept>


listing what HTTP commands an unauthenticated user CAN use, rather than trying to list all the commands he CAN'T use.


When you set up a WebDAV server, you are granting remote users on the internet write access to your web server.


This ought to scare you enough that you implement some decent security.