SIGUCCS ‘03 Paper # 62 WebDAV: What It Is, What It Does, Why You Need It

by

Luis O. Hernández

Mahmoud Pegah



The WebDAV Session

  • Explain WebDAV

  • Demonstrate the use of WebDAV in both Windows and Apple systems

  • Share Ringling School’s framework

  • Address issues that Ringling School has experienced with WebDAV

  • Propose suggestions that could make WebDAV stronger and more usable



WebDAV: What Is It?

  • WebDAV: Web Distributed Authoring and Versioning

  • Allows web development teams and other workgroups to share files

  • Allows easy setup for administrators and ease of use for users



Distribution, Installation, and Configuration



WebDAV: Distribution Used

  • Apache v1.3.27

  • WebDAV module v1.3.6

  • LDAP module v2.3

  • Netscape LDAP v4.1



WebDAV: Installation

  • Include the WebDAV and LDAP modules with the Apache installation during configuration:

        # Apache web server configure command
        ./configure \
            --prefix=/local/apache_1.3.27 \
            --enable-module=proxy \
            --activate-module=src/modules/dav/libdav.a \
            --activate-module=src/modules/ldap/mod_auth_ldap.c



WebDAV: Configuration (Part 1)

  • You do not need to do anything to the Apache configuration until you require LDAP support:

        # Enable WebDAV support
        AddModule mod_dav.c
        DAVLockDB /local/apache/var/DAVLock



WebDAV: Configuration (Part 2)

  • Two configuration options for authentication mechanisms:

    • WebDAV with standard htpasswd support

    • WebDAV with LDAP support



WebDAV: Configuration (Part 3)

  • Simple configuration within a directory enables WebDAV support:

        # WebDAV folder for a Project
        <Directory "[DocumentRoot]/project">
            DAV On
            #RSADShareDAVOwnerUID [owneruid]
            #RSADShareDAVSize [Quota in MB]
            AllowOverride None
            AuthName "[Project Title]"
            AuthType Basic
            AuthUserFile [/.hiddenFolder/.hiddenFile]
            <Limit [PUT DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK]>
                Require user [user names]
                Order Deny,Allow
                Deny from all
                Allow from trusteddomain.com
            </Limit>
        </Directory>



WebDAV: Configuration (Part 4)

  • Simple WebDAV Configuration

[Diagram: Web Server; Windows Clients; Mac OS X Clients; Other Clients]



WebDAV: Configuration (Part 5)

  • WebDAV configuration with LDAP support:

        # WebDAV folder for a Project
        <Directory "[DocumentRoot]/project">
            DAV On
            #RSADShareDAVOwnerUID [owneruid]
            #RSADShareDAVSize [Quota in MB]
            AllowOverride None
            AuthName "[Project Title]"
            AuthType Basic
            <Limit [PUT DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK]>
                Require user [user names]
                Order Deny,Allow
                Deny from all
                Allow from trusteddomain.com
            </Limit>
            LDAP_Server ldap.yourdomain.com
            LDAP_Port 389
            Base_DN "[BaseDN]"
            UID_Attr uid
        </Directory>



WebDAV: Configuration (Part 6)

  • WebDAV configuration with LDAP support for user authentication

[Diagram: Web Server; LDAP Server; Windows Clients; Mac OS X Clients; Other Clients]



WebDAV: Configuration (Part 7)

  • User files are available through the Internet. Unless the user publishes a website, s/he may want to prevent Internet access to those files. To do that, include the “GET” and “POST” methods in the “Limit” directive.



WebDAV: Other Distributions

  • Servers

    • Internet Information Server

    • Mac OS X Server

    • Neon Web Server v0.23.9, open source



WebDAV: Other Distributions

  • Clients

    • Microsoft Windows 2000 and up

    • Mac OS X

    • GNOME Nautilus

    • KDE

    • Goliath (Mac OS 9)

    • Java DAV Explorer for JVM

    • Cadaver for UNIX terminals



WebDAV: Other Distributions

  • Additional Client Distributions

    • jEdit WebDAV plugin for the jEdit text-editing application

    • Eldav for Emacs

  • APIs

    • PerlDAV

    • PythonDAV

  • File-system driver

    • DAVfs for Linux



How to Connect to a Web Share



WebDAV: Connect from Windows

  • Depends on the version



WebDAV: Connect from Apple

  • Click on the Desktop

  • Press Command Key + K

  • Enter the share address and your credentials when prompted



WebDAV: Monitoring the Shares

  • Ringling School created custom monitoring tools to check for quota usage on each share

  • The following attributes were added to the WebDAV Apache configuration for the custom tool:

    • RSADShareDAVOwnerUID (user name)

    • RSADShareDAVSize (MB)

  • Scripts are available at http://www.rsad.edu/~lhernand/webdav



Security



WebDAV: Authentication

  • WebDAV authentication is sent in clear text

  • For security purposes, allow only campus connections to the shares

  • Apple will enable encrypted connections to WebDAV shares from their upcoming OS, Panther



WebDAV: DoS Attacks

  • Multiple users could create a DoS situation if they upload large files at the same time

  • An increase in server memory and an increase in Apache processes should diminish the probability of DoS



WebDAV: Module Signature

  • All Apache modules, including WebDAV, are identified in the server signature

  • NetCraft.net provides information about any server on the Internet

  • Malicious intruders can use the server signature to find vulnerabilities in the system



Lessons Learned

  • No Quota System

  • Single Authoritative User

  • Replication



WebDAV: No Quota System

  • Custom monitoring tools necessary to enforce quota usage

  • Tools report quota breach to administrator

  • Tools available at http://www.rsad.edu/~lhernand/webdav
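
The quota check described in the Monitoring the Shares and No Quota System slides, as an added example that is not Ringling School's own script: it reads the `#RSADShareDAVOwnerUID` and `#RSADShareDAVSize` comment attributes from each DAV-enabled `<Directory>` block, compares the quota with disk usage, and also records whether `GET` and `POST` sit inside `<Limit>` (Configuration, Part 7). The function names and the sample path, owner and quota are assumptions made for illustration.

```python
import os
import re

# Constructed sample in the layout of the slides' <Directory> block (made-up values).
SAMPLE_CONF = """
<Directory "/www/htdocs/project">
DAV On
#RSADShareDAVOwnerUID jdoe
#RSADShareDAVSize 50
<Limit PUT DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Require user jdoe
</Limit>
</Directory>
"""
DIR_RE = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)

def parse_shares(conf_text):
    """Return one record per DAV-enabled <Directory> block."""
    shares = []
    for path, body in DIR_RE.findall(conf_text):
        if not re.search(r"^\s*DAV\s+On\s*$", body, re.M | re.I):
            continue
        owner = re.search(r"^\s*#\s*RSADShareDAVOwnerUID\s+(\S+)", body, re.M)
        size = re.search(r"^\s*#\s*RSADShareDAVSize\s+(\d+)", body, re.M)
        limit = re.search(r"<Limit\s+([^>]*)>", body, re.I)
        methods = set(limit.group(1).upper().split()) if limit else set()
        shares.append({"path": path, "owner": owner.group(1) if owner else None,
                       "quota_mb": int(size.group(1)) if size else None,
                       # True only when GET and POST are also listed inside <Limit>
                       "read_protected": {"GET", "POST"} <= methods})
    return shares

def usage_bytes(root):
    """Sum regular-file sizes under root, skipping symlinks."""
    total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full):
                total += os.path.getsize(full)
    return total

def over_quota(shares):
    """Return (owner, path, used_mb) for each share above its RSADShareDAVSize."""
    breaches = []
    for s in shares:
        used_mb = usage_bytes(s["path"]) / (1024 * 1024)
        if s["quota_mb"] is not None and used_mb > s["quota_mb"]:
            breaches.append((s["owner"], s["path"], round(used_mb, 1)))
    return breaches
```

Run from cron against the live configuration file, the `over_quota` result gives the administrator the owner and path of every share that needs attention.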



WebDAV: Single Authoritative User

  • A typical install of Apache does not allow for changing the running user identification

  • Apache can be installed to allow for changing the running user identification, but then it must also run as root, which is in itself a security vulnerability

  • All web shares are owned by one user who also owns Apache running processes

  • Users can overwrite each other’s files in a share



WebDAV: Replication

  • Apache v1.3.27

  • WebDAV module v1.3.6

  • LDAP module v2.3

  • Netscape LDAP v4.1

  • Solaris 8

  • SunFire 280R, 2GB memory



Helpful Suggestions

  • Directory Quotas

  • Quota Attributes

  • Apache SetUID

  • WebDAV Support in NAS Devices



WebDAV: Directory Quotas

  • Some software vendors (Novell) already support directory quotas

  • No open source solution yet available

  • Allows web shares to comply with quota limits with a single authoritative user



WebDAV: Quota Attributes

  • New attributes that work with the WebDAV module would alert users of quota breaches and would set quota limits

    • DAVDiskLimit – sets quota limit in MB

    • DAVOwner – email address of user

    • DAVAlertOn – alarm limit to alert owner



WebDAV: Apache SetUID

  • Allow the WebDAV module to set the ownership of the running process so that it can act on behalf of authenticated users and not the process owner of the web server

  • The Internet Draft "Quota and Size Properties for DAV Collections" explains properties and minor behaviors needed for clients to interoperate with quota implementations on web folders



WebDAV: Support in NAS Devices

  • Network Appliance Servers support CIFS, NFS, HTTP, FTP, and NDMP, but not WebDAV

  • WebDAV support in NAS devices would be easy to implement since HTTP is already supported

  • Administration of WebDAV-enabled NAS devices would improve with a WebDAV “broker”



WebDAV: NAS WebDAV Broker

  • Clients would connect to the WebDAV broker instead of the NAS devices

  • The WebDAV broker would be responsible for authenticating the users with an LDAP server

[Diagram: three NAS devices; LDAP Server; WebServer; Windows Clients; Mac OS X Clients; Other Clients]



WebDAV: NAS WebDAV Broker

  • After authentication, the broker would send a list of available shares to the client

  • The client then connects to the NAS devices directly

[Diagram: three NAS devices; Windows Clients; Mac OS X Clients; Other Clients]



WebDAV: Announcing a New Service!

  • Service initially released with a minimal number of users

  • Faculty learn of web share availability during their introduction to IT upon employment

  • Online tutorials available at http://www.it.rsad.edu

  • Students have been helpful in spreading the word



Thank You!

