Webdav vs Ftp, which is better and more secure?

Discussion related to network/web services such as Apache, BIND Sendmail, etc.

Webdav vs Ftp, which is better and more secure?

Postby olav » 23 Jun 2010, 21:29

A friend of me want to borrow some space for saving documents easily over a network folder. He prefer using Windows where he can easily mount a webdav folder or a ftp folder as network location.

I configured Apache with the webdav modules and created a digest authentication. Worked great except for a weird IE8 bug where lan settings with auto detection enabled would cause Webdav to be horribly slow.

I also setup vsftpd which is A LOT faster than Webdav. And there are no weird IE bugs :)

However what about security? Does Webdav send login parameters in plain text as ftp? I guess I also need to configure firewall rules to prevent brute force attacks for both technologies?

What technology should I go for?
User avatar
olav
Member
 
Posts: 349
Joined: 23 Apr 2010, 19:39
Location: Norway, Stavanger

Postby takizo » 25 Jun 2010, 01:30

It's better and easier to run on FTP.

If security is highly concern, you can generate a certificate and do SSL FTP on vsftp.
takizo
Junior Member
 
Posts: 3
Joined: 27 Apr 2009, 05:59

Postby phoenix » 25 Jun 2010, 17:12

FTP needs to die!! In fact, any protocol that requires separate communications and data ports, with the remote server connecting back to the client, that won't work through NAT, needs to die!! Especially if it won't work through a double-NAT (NAT on client, NAT on server). (Yes, I am looking at all you VoIP protocols ...)

Unfortunately, there's no really nice, easy, drop-in replacement for FTP. If only SFTP/SCP were better supported in file managers, and easier to configure on the server for shell-less accounts.

WebDAV sounds nice on paper. I haven't actually used it, though, so can't really speak to how well it works as a replacement file transfer protocol.
Freddie

Help for FreeBSD: Handbook, FAQ, man pages, mailing lists.
User avatar
phoenix
MFC'd
 
Posts: 3349
Joined: 17 Nov 2008, 05:43
Location: Kamloops, BC, Canada

Postby olav » 19 Oct 2010, 06:45

Actually right now I use SFTP. While it's not possible to mount it as a disk in Windows, my friend can use WinSCP with the sync command which syncs a folder transparent for him to the SFTP server.
User avatar
olav
Member
 
Posts: 349
Joined: 23 Apr 2010, 19:39
Location: Norway, Stavanger

Postby Bogi » 16 Nov 2011, 12:58

more than 1 year old thread :) but maybe I can share my (bad) experience. Around 2005 my web server that use WebDAV had been compromised (there was a tool to inject a file on a WebDAV folder). So I use virtualization ever since.

------------------------------
Bogi Aditya
Telkom Institute of Management
http://www.imtelkom.ac.id
Bogi
Junior Member
 
Posts: 14
Joined: 10 May 2011, 17:06
Location: Telkom Institute of Management (http://www.imtelkom.ac.id)


Return to Web & Network Services

Who is online

Users browsing this forum: No registered users and 0 guests