Comments on: WebDAV With Apache2 On Debian 5.0 (Lenny)

By: Benny Neugebauer

Benny Neugebauer — Thu, 22 Sep 2011 15:17:44 +0000

Wahoo! Very nice tutorial. Thank you! It worked for me. But I put the passwd.dav file to “/etc/apache2/” as Fabrizio has recommended.

By: Fabrizio

Fabrizio — Mon, 09 Nov 2009 11:13:28 +0000

I agree with Core: *DON’T PUT passwd.dav UNDER BROWSABLE DIRECTORY*: use /etc/apache2/passwd.dav instead of.

By: core

core — Sat, 04 Jul 2009 13:30:01 +0000

Never, **never**, put password files under a web accesible directory.
In this example, any user can take passwd.dav file via http request.
Passwords for all users are not directly readable (there are “crypted”),
but it’s easy to crack it using brute force and/or dictionary attack
(and there are a lot of tools to do that out there).

Safe place for that file could be /var/www/passwd.dav or even better (i
think) /etc/apache2/passwd.dav