The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WebDav on CPanel

Discussion in 'General Discussion' started by sparek-3, Apr 5, 2006.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I did a search for WebDav, but it looks like most of the posts are relatively old.

    I'm just wondering how secure it is to offer a WebDav solution on a shared hosting server. I will admit that I haven't played around with WebDav very much at all, but it would seem that in order to use WebDav to upload files, you would have to set permissions on the WebDav folder on the server to 777, in which case the directory would be considered open. I try to avoid situations that require a directory to have these open permissions as much as possible and because of this, I'm not sure how good of a solution WebDav would be for a shared hosting server. I stress shared hosting server here, because with a shared hosting server you may have several accounts set up on the server, and one of those accounts may have an exploitable script that would allow outside users to access these open directories, while the same issue would be present in a dedicated server with just a single account on the server, it is much easier to keep scripts up-to-date and is just a much more manageable issue.

    Like I said, I will admit that I haven't used WebDav, but just started looking into it a couple of days ago. I really do not see that much of a point regarding it, but perhaps it does something that I am missing.

    I am just wondering if having mod_dav installed has any affect on CPanel. Do any other CPanel hosts have mod_dav installed? How do you combat security with WebDav?
     
  2. Lord Merlin

    Lord Merlin Member

    Joined:
    Jan 21, 2005
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Hi sparek-3

    Did you look further into this. I'm also interested to know whether it's safe, and worth it to offer webdav. I need to use it myself. Not that I know much of it, but mozilla calendar requires it to share a remote calendar, so I'm looking into the possibilities.

    Anything I should look out for? Anyone installed it yet?
     
  3. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    I did get mod_dav installed on a testing server. However, with the need to have a directory either with 777 permissions or owned by the webserver user, I just did not see this as a secure solution.

    Again, I can reiterate that I haven't used WebDav extensively, or followed its development. But I really don't see why something such as a MySQL database cannot be used as a backend for storing or POSTing data to. Maybe there is a specific task that only WebDav can do or does it better.

    I just don't have enough of an understanding of WebDav, and to be honest, we haven't had a lot of customers or would be customers inquire about it. So at this time, we are not offering it on our shared hosting servers. Perhaps if we begin to receive a lot of requests for this, we may revisit it and see what can be done.
     
Loading...

Share This Page