WebApp Sec mailing list archives

HTTP CONNECT and WebDav Authentication

From: <webappsecquestions () hushmail com>
Date: Mon, 15 Sep 2003 19:28:38 -0700

Can anyone explain to me what HTTP Connect allows and how someone would
exploit a site that has it enabled ?

Also how does authentication work with WebDav ? ie if the DELETE method
is enabled, how does the web server authenticate a request to delete
a file and where is that username and password kept.





Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Current thread:

HTTP CONNECT and WebDav Authentication webappsecquestions (Sep 15)
- RE: HTTP CONNECT and WebDav Authentication Kevin Spett (Sep 16)