Fog Creek Software
Discussion Board




Webdav

Anyone know of any good introductions to the Webdav protocol? I'm looking for newbie-to-intermediate level stuff, with background explanations, example implementations, etc.

I've looked at the main webdav page (webdav.org), but that quickly went over my head.

Thanks.

Nigel
Monday, February 09, 2004

what's your background and what's your goal?
have you read/tried to read RFC2518?

mb
Monday, February 09, 2004

I looked at RFC2518, but that's a little more detail than I'm looking for now. I have a couple projects that could potentially use a protocol like this in the long term, and I'm curious about what the potential benefits/problems/etc. would be.

My background is software engineering; user interfaces primarily.

Nigel
Monday, February 09, 2004

Security nightmare - stay away...

Kentasy
Tuesday, February 10, 2004

Subversion (http://subversion.tigris.org/) uses Webdav and there is a fairly good explanation of how it works in the context of a real application in the Subversion book: http://svnbook.red-bean.com/html-chunk/apd.html

You can also look for documentation on MSDN, Microsoft calls its implementation "Web folders"

gunga
Tuesday, February 10, 2004

basically WebDAV describes how to use a filesystem over a network. HTTP has basic concepts like PUT and GET, WebDAV defines them a little further and adds new verbs like PROPFIND/PROPPATCH (you can have arbitrary attributes on a 'file', though not all 'filesystems' will support all 'attributes'), MKCOL (aka mkdir), etc. Extensions to WebDAV also describe things like versioning (I assume Subversion uses some variant of this), search (DASL is tangentially related), etc.

if you're used to UI programming you'll have to consider that this is generally a network protocol, so while you can do almost any operation that you would on a local file, that's often a bad idea.

i don't know what security risks are inherent in the protocol. because it uses specific methods and headers, a firewall/proxy should be able to anylize requests and allow/deny them.

one risk is that it implies the 'just use ACLs' model of security on 'files', that is to say if you have http;//yourserver/yourfile/, you just start editing that same resource with WebDAV. In reality on a production website you might want to disallow even attempts at editing the resource from that URL.

what other security concerns are there with the protocol? (I wouldn't be surprised if there are lots with various implementations.)

mb
Tuesday, February 10, 2004

The main problem I have with Webdav and FrontPage extensions (WebDAV + MS extensions) is how it's usually deployed.

Naturally, editing like this should be done over a secure connection.  However, most of the files you will be editing are on an unsecured part of the webserver.  Most webservers are not properly set up so that WebDAV access must occur over a secure connection even for files which are globally readable.

Also, WebDAV is slooooooooow in practice compared to other file transfer protocols.

Richard P
Tuesday, February 10, 2004

those both sound like implementation issues to me. HTTP just takes the data, adds a few headers to it, and sends it over TCP/IP. it even supports compression with content transfer encoding.

mb
Wednesday, February 11, 2004

*  Recent Topics

*  Fog Creek Home