Security Considerations
When you use WebDAV, keep in mind the following security considerations:
-
Ensure that a WebDAV-enabled server process has read/write permissions to the file systems that need to be controlled.
-
For security reasons, you may wish to configure WebDAV-enabled virtual servers on a different listen socket, one that has restricted access and uses SSL to encrypt transmitted data. See Chapter 6, Using Certificates and Keys for more information on using SSL.
-
Prevent Denial of Service (DOS) attacks by restricting the size of the XML content in the request body. By default, the size is restricted to 8K.
-
Because Basic authentication uses cleartext to transmit authentication details, unless your connection is secure, use Digest rather than Basic authentication to authenticate WebDAV clients.
-
Because PROPFIND requests run the potential risk of unwanted access to server contents, use access control techniques to secure WebDAV-enabled resources.
-
WebDAV, through its source URI facility, can potentially expose URIs containing sensitive information such as script resources. You should be aware of the risks of allowing the remote authoring of scripts, and should limit read and write access to source resources to authorized users only.
-
Prevent excessive memory consumption by restricting the depth of PROPFIND requests. By default, the depth is restricted to 0.
- © 2010, Oracle Corporation and/or its affiliates