
is webdav + SSL secure with IIS6

Author
9 May 2005 12:17 AM
jsntu
Morning, does anyone know if webdav over SSL is secure?
If it is, any sites/posting that confirm it would be welcome.

The reason I ask is that I've been trying to pressure our IS department
into allowing web-enabling of some fileshares to allow off campus access
but they are refusing on grounds of security as they have been told by
Microsoft support that webdav is too insecure to allow web-enabling of
directories.

Personally I think they were referring to just webdav on its own where
the auth is secured (depending on the type of auth of course) but the
data is sent unencrypted.
With SSL the whole lot seems to be encrypted.

They are planning to roll out a clientless VPN solution (aka SSL over
HTTP) eventually (maybe a year or so) so it will be solved eventually
but I would like to know one way or the other if webdav + SSL is secure
or not.
We do already use it elsewhere as it appears secure from our research
but it would be nice to have a definitive answer one way or the other.

Night
--

Author
9 May 2005 3:19 AM
Ken Schaefer
What do you mean "secure"? Secure against what?

If you mean: "is the content encrypted between server and client?" then the
answer is "yes, it is secure". It's no different to any other traffic
that's secured via SSL. The certificates can be used to
authenticate/identify client and server, and the SSL session used to encrypt
the data transmission.

Cheers
Ken
