Yeah, just be wary of WebDAV on prod servers. Check server config by
telnetting to myserver.com:80 and send the following:
OPTIONS / HTTP/1.1
<return>
<return>
It will respond with a list of methods. Anything more than GET, POST
and HEAD and you should check into further server hardening to
eliminate the usage of other HTTP verbs. If the server runs SSL
you'll need to use OpenSSL to generate a tunnel and telnet to the
tunnel itself which will forward requests via SSL to the server.
Of course there are some reasons why you would want WebDAV enabled,
like a Sharepoint server. But that's a special case.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"What difference does it make to the dead, the orphans, and the
homeless, whether the mad destruction is wrought under the name of
totalitarianism or the holy name of liberty and democracy? "
--Gandhi
On Feb 9, 2007, at 9:26 AM, Robert Reil wrote:
That's fine I can set this up on my Dev server.
Robert P. Reil
Managing Director,
Motorcyclecarbs.com, Inc.
4292 Country Garden Walk NW
Kennesaw, Ga. 30152
Office 770-974-8851
Fax 770-974-8852
www.motorcyclecarbs.com
-----Original Message-----
From: Dean H. Saxe [mailto:[EMAIL PROTECTED]
Sent: Friday, February 09, 2007 9:25 AM
To: Carbs Sales&Service
Subject: Re: [ACFUG Discuss] WebDAV, Tortoise SubVersion, DWMX8,
and CFMX7
WebDAV can open you up to some serious security vulnerabilities.
It should
not be opened up on production servers.
-dhs
Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"I have always strenuously supported the right of every man to his own
opinion, however different that opinion might be to mine. He who
denies
another this right makes a slave of himself to his present opinion,
because
he precludes himself the right of changing it."
-- Thomas Paine, 1783
On Feb 9, 2007, at 9:18 AM, Robert Reil wrote:
In working with my DataConnection problems in RDS I have stumbled
across this option for Site Configuration
WebDAV (Web-based Distributed Authoring and Versioning) if you
connect
to your web server using the WebDAV protocol:
Since I have to also implement Tortoise Subversion into my grand
scheme of things and wonder if this is the way I should be
starting to
do things? Anyone used Tortoise, and WebDAV w DW yet? Any great
inspirations? phobias?
Robert P. Reil
Managing Director,
Motorcyclecarbs.com, Inc.
4292 Country Garden Walk NW
Kennesaw, Ga. 30152
Office 770-974-8851
Fax 770-974-8852
www.motorcyclecarbs.com
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists Archive @
http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
