1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Webdav vs Ftp, which is better and more secure?

Discussion in 'Web and Network Services' started by olav, Jun 23, 2010.

  1. olav

    olav New Member

    Messages:
    349
    Likes Received:
    0
    A friend of me want to borrow some space for saving documents easily over a network folder. He prefer using Windows where he can easily mount a webdav folder or a ftp folder as network location.

    I configured Apache with the webdav modules and created a digest authentication. Worked great except for a weird IE8 bug where lan settings with auto detection enabled would cause Webdav to be horribly slow.

    I also setup vsftpd which is A LOT faster than Webdav. And there are no weird IE bugs :)

    However what about security? Does Webdav send login parameters in plain text as ftp? I guess I also need to configure firewall rules to prevent brute force attacks for both technologies?

    What technology should I go for?
     
  2. takizo

    takizo New Member

    Messages:
    3
    Likes Received:
    0
    It's better and easier to run on FTP.

    If security is highly concern, you can generate a certificate and do SSL FTP on vsftp.
     
  3. phoenix

    phoenix Moderator Staff Member Moderator

    Messages:
    3,409
    Likes Received:
    2
    FTP needs to die!! In fact, any protocol that requires separate communications and data ports, with the remote server connecting back to the client, that won't work through NAT, needs to die!! Especially if it won't work through a double-NAT (NAT on client, NAT on server). (Yes, I am looking at all you VoIP protocols ...)

    Unfortunately, there's no really nice, easy, drop-in replacement for FTP. If only SFTP/SCP were better supported in file managers, and easier to configure on the server for shell-less accounts.

    WebDAV sounds nice on paper. I haven't actually used it, though, so can't really speak to how well it works as a replacement file transfer protocol.
     
  4. olav

    olav New Member

    Messages:
    349
    Likes Received:
    0
    Actually right now I use SFTP. While it's not possible to mount it as a disk in Windows, my friend can use WinSCP with the sync command which syncs a folder transparent for him to the SFTP server.
     
  5. Bogi

    Bogi New Member

    Messages:
    14
    Likes Received:
    0
    more than 1 year old thread :) but maybe I can share my (bad) experience. Around 2005 my web server that use WebDAV had been compromised (there was a tool to inject a file on a WebDAV folder). So I use virtualization ever since.

    ------------------------------
    Bogi Aditya
    Telkom Institute of Management
    http://www.imtelkom.ac.id