[unisog] uploading folders to with web applications

Allen Mundt at Work allenatwork at sbcglobal.net
Thu Nov 8 16:41:13 GMT 2007


Many in the security realm would shy away from WebDAV at all costs.  It 
became a pariah about 4 years ago.  In order to turn it on, you actually 
need to hack the registry and restart the box.  It will do exactly what you 
want.  The problem is that there is no good way to secure it properly. 
Sooooooo....if someone can just copy code onto your server..............
*********************************************************************
L. Allen Mundt

"Pain nourishes courage. You can't be brave if you've only
     had wonderful things happen to you."
         -- Mary Tyler Moore (1937-) American Actress
*********************************************************************
----- Original Message ----- 
From: "Michael Holstein" <michael.holstein at csuohio.edu>
To: "UNIversity Security Operations Group" <unisog at lists.dshield.org>
Cc: <unisog at lists.sans.org>
Sent: Thursday, November 08, 2007 8:44 AM
Subject: Re: [unisog] uploading folders to with web applications


>
>> Our development folk tell us that they don't know of any way of doing
>> this without some form of additional software on the remote system.
>> Does anyone out there have any solutions or even ideas that we can 
>> pursue?
>>
>>
>
> Well .. sort of, but it comes with IIS (or Apache, etc).
>
> Just enable WebDAV and use NTFS permissions (or Unix ACLs) to secure the
> individual directories, don't allow anonymous access, and force SSL.
>
> You can connect to a WebDAV share natively in most any O/S .. from
> there, it looks just like a physical drive .. you can copy/paste. Some
> applications (e.g., MS Office) also support it directly.
>
> Cheers,
>
> Michael Holstein CISSP GCIA
> Cleveland State University
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog 
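
Added example, not part of either message: a small Python check for the Apache side of the advice quoted above (no anonymous access, force SSL), run over two constructed `<Directory>` blocks. The paths and file names are placeholders, and as a simplifying assumption the check only reads directives inside the DAV-enabled block itself, not inherited settings or filesystem ACLs.

```python
import re

# Constructed sample configs (not from the thread); paths are placeholders.
WEAK = """<Directory "/srv/dav/uploads">
    Dav On
    Require all granted
</Directory>"""

HARDENED = """<Directory "/srv/dav/uploads">
    Dav On
    SSLRequireSSL
    AuthType Basic
    AuthName "uploads"
    AuthUserFile "/etc/apache2/dav.htpasswd"
    Require valid-user
</Directory>"""

BLOCK = re.compile(r"<(Directory|Location)\s+\"?([^\">]+)\"?\s*>(.*?)</\1>", re.S | re.I)

def directives(body):
    """Return lowercase (name, args) pairs for each non-comment line."""
    out = []
    for line in body.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            out.append((parts[0].lower(), parts[1].strip().lower() if len(parts) > 1 else ""))
    return out

def audit(conf):
    """Map each DAV-enabled path to the controls from the thread that it lacks."""
    findings = {}
    for _, path, body in BLOCK.findall(conf):
        d = directives(body)
        if ("dav", "on") not in d:
            continue  # WebDAV is not enabled in this block
        names = {n for n, _ in d}
        requires = [a for n, a in d if n == "require"]
        missing = []
        if "sslrequiressl" not in names:
            missing.append("SSL not forced")
        if "authtype" not in names or not requires or "all granted" in requires:
            missing.append("anonymous access possible")
        findings[path.strip()] = missing
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf))
```
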


