Comments on: WebDAV With Apache2 On Debian 5.0 (Lenny) http://www.debianadmin.com/webdav-with-apache2-on-debian-5-0-lenny.html Debian/Ubuntu Linux System Administration Tutorials,Howtos,Tips Thu, 19 Nov 2009 13:24:32 -0500 http://wordpress.org/?v=2.8.6 hourly 1 By: Fabrizio http://www.debianadmin.com/webdav-with-apache2-on-debian-5-0-lenny.html/comment-page-1#comment-3991 Fabrizio Mon, 09 Nov 2009 11:13:28 +0000 http://www.debianadmin.com/?p=899#comment-3991 I agree with Core: *DON'T PUT passwd.dav UNDER BROWSABLE DIRECTORY*: use /etc/apache2/passwd.dav instead of. I agree with Core: *DON’T PUT passwd.dav UNDER BROWSABLE DIRECTORY*: use /etc/apache2/passwd.dav instead of.

]]> By: core http://www.debianadmin.com/webdav-with-apache2-on-debian-5-0-lenny.html/comment-page-1#comment-3312 core Sat, 04 Jul 2009 13:30:01 +0000 http://www.debianadmin.com/?p=899#comment-3312 Never, **never**, put password files under a web accesible directory. In this example, any user can take passwd.dav file via http request. Passwords for all users are not directly readable (there are "crypted"), but it's easy to crack it using brute force and/or dictionary attack (and there are a lot of tools to do that out there). Safe place for that file could be /var/www/passwd.dav or even better (i think) /etc/apache2/passwd.dav Never, **never**, put password files under a web accesible directory.
In this example, any user can take passwd.dav file via http request.
Passwords for all users are not directly readable (there are “crypted”),
but it’s easy to crack it using brute force and/or dictionary attack
(and there are a lot of tools to do that out there).

Safe place for that file could be /var/www/passwd.dav or even better (i
think) /etc/apache2/passwd.dav

]]>