Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Apache: Users

DAV access control

  

 
Apache users RSS feed   Index | Next | Previous | View Threaded


skrishnamur1 at bloomberg

Nov 10, 2009, 7:00 AM

Post #1 of 3 (372 views)
Permalink
DAV access control
Hi,

We are looking to setup SVN over apache, but it requires the use of DAV. There are apparently security concerns over the use of DAV over apache 2.2., in the sense that it would allow users to anonymously write content to apache, even outside of the context of SVN. Are there any workarounds to securely enable DAV and disallow anonymous writes etc... Pointers to relevant literature would be appreciated.

Thanks


kremels at kreme

Nov 10, 2009, 7:43 AM

Post #2 of 3 (350 views)
Permalink
Re: DAV access control [In reply to]
On 10-Nov-2009, at 08:00, skrishnamur1 [at] bloomberg wrote:

> We are looking to setup SVN over apache, but it requires the use of DAV.

requires? I though SVN over DAV was a particular configuration option?

> There are apparently security concerns over the use of DAV over apache 2.2.,

There are?

> in the sense that it would allow users to anonymously write content to apache, even outside of the context of SVN.

Er… no, I don't think so.


--
NEXT TIME IT COULD BE ME ON THE SCAFFOLDING
Bart chalkboard Ep. 2F12


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd


aw at ice-sa

Nov 10, 2009, 8:20 AM

Post #3 of 3 (341 views)
Permalink
Re: DAV access control [In reply to]
skrishnamur1 [at] bloomberg wrote:
> Hi,
>
> We are looking to setup SVN over apache, but it requires the use of DAV. There are apparently security concerns over the use of DAV over apache 2.2., in the sense that it would allow users to anonymously write content to apache, even outside of the context of SVN. Are there any workarounds to securely enable DAV and disallow anonymous writes etc... Pointers to relevant literature would be appreciated.
>
There is nothing to stop you securing a <Location> handled by DAV, just
like you would secure any other section of your webspace.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe [at] httpd
" from the digest: users-digest-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd

Apache users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.