WebDAV and authentication types

WebDAV and authentication types

Posted by: bobocat
Posted on: 2009-08-10 23:20:00

Hi,

It seems that XP and Vista disallow Basic Authentication for WebDAV / Web Folders by default. Although it is possible to override this setting by editing the registry, is there any reason why DH is using the relatively insecure Basic Authentication as opposed to more secure methods? It seems that MS recommends Kerberos or NTLM.

Cheers

Re: WebDAV and authentication types

Posted by: andrewf
Posted on: 2009-08-11 10:48:00

Kerberos requires a significant amount of infrastructure to implement (several dedicated key servers, and many headaches), and NTLM is Windows-only. I've created an issue for the developers to look into at some point, though.

If you're really concerned about security for your WebDAV directories, though, we highly recommend setting it up on an HTTPS domain.

Tags: web folderswebdavauthenticationcheers