Mailinglist Archive: opensuse-security (69 mails)

< Previous Next >
Re: [suse-security] tomcat5 webdav and user dirs
  • From: "David Harrison" <david.harrison@xxxxxxxxxxxxxxxxx>
  • Date: Mon, 2 Oct 2006 13:00:27 +1300
  • Message-id: <D8DB3DEB-6A90-47C9-9D0D-3AB03A8B7396@xxxxxxxxxxxxxxxxx>
On 2/10/2006, at 6:22 AM, Wouter wrote:

Hi,
I have installed a few days ago tomcat whit the suse rpms. But i want now that i can make user directoy's. Because the world can now write in de webdav dir....
Is there someone who knows how i can make a few user directory's ?
Greets

I am not sure whether you are asking this question on the correct mailing list.

However from the perspective of security and stability I would suggest that you look into running Apache with mod_dav and mod_auth (or equivalent module for LDAP/MySQL authentication) rather than Tomcat.

The included Tomcat WebDAV application I believe you are referring to is really for demonstration purposes and not intended for production use.
Apache with mod_dav and mod_auth is a more robust solution that receives regular security patches by the development community.

These are two useful resources for setting up Apache and mod_dav:

http://www.mayin.org/aragorn/computers/Mod_DAV.html
http://tldp.org/HOWTO/Apache-WebDAV-LDAP-HOWTO/

Regards,


David

< Previous Next >
This Thread
References