WebApp Sec mailing list archives
HTTP CONNECT and WebDav Authentication
From: <webappsecquestions () hushmail com>
Date: Mon, 15 Sep 2003 19:28:38 -0700
Can anyone explain to me what HTTP Connect allows and how someone would exploit a site that has it enabled ? Also how does authentication work with WebDav ? ie if the DELETE method is enabled, how does the web server authenticate a request to delete a file and where is that username and password kept. Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
Current thread:
- HTTP CONNECT and WebDav Authentication webappsecquestions (Sep 15)
- RE: HTTP CONNECT and WebDav Authentication Kevin Spett (Sep 16)