Intro to Apache - ApacheCon 2005
DAV - security
  • Aluded to earlier

  • The files managed via DAV need to be owned by the web user.

  • This directly contradicts what I said earlier

  • Recommendation: Run DAV server on alternate port, very lightweight (small number of threads/processes), running as another user (dav.dav for example), which user owns the files managed in this fashion.

Index
Back to DAV
Forward to cadaver

ApacheCon 2005 : Intro to Apache - Slide #152 of 164