It's a protocol that allows editing a web site over a network or the internet over HTTP. FrontPage uses it (plus some additional stuff) to save to the remote hard drive. Other programs (like Macromedia Dreamweaver) can use it too.
Most ordinary users encounter it as the "web folders" in their network neighborhood.
To use it on IIS, you need the FrontPage server extensions installed.
> It's a protocol that allows editing a web site over a network or the internet over HTTP. FrontPage uses it (plus some additional stuff) to save to the remote hard drive. Other programs (like Macromedia Dreamweaver) can use it too.
> Most ordinary users encounter it as the "web folders" in their network neighborhood.
> To use it on IIS, you need the FrontPage server extensions installed.
This is not quite true. FrontPage is needed for FrontPage extensions for FrontPage clients that want to upload data and manage websites, including HTML bot support.
WebDAV is an extension to the HTTP 1.1 protocol and is officially in an RFC while FrontPage is -not-. For instance, OPTIONS/PUT/DELETE/PROPERTIES are typical WebDAV plus multiple return states commands that have nothing to do with FrontPage.
> Is there any security issue of activating Webdav?
Security is managed using IIS MMC and the NTFS security. Of course, the more options a service supports, the more risk theoretically. If you are a security freak, you'd disable WebDAV.
I like WebDAV, since it allows me to have remote directories from my own company as if they are Windows folders, even when I'm working with my client that only allows us to use a proxy server to the external internet.
After a site is extended with FrontPage Server Extensions, WebDAV requests are also handled by FPSE's author.dll.
For the security concerns, WebDAV is enabled on IIS5 by default: in IE File->Open, open the site as web folder. Therefore we need to make sure the anonymous account doesn't have any unnecessary Write permission of NTFS. In sites' Home Directory tab, disable Write if no file needs to be modified or uploaded. On IIS6, it's a disabled Web Service extension by default.
To thoroughly disable WebDAV function on IIS5, we can either install Win2K SRP:
241520 How to Disable WebDAV for IIS 5.0
http://support.microsoft.com/?id=241520
or use URLScan to deny WebDAV verbs.
Best regards,
WenJun Zhang
Microsoft Online Support
This posting is provided "AS IS" with no warranties, and confers no rights.
Get Secure! - www.microsoft.com/security
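For the URLScan option mentioned in the post above, here is an added example (not part of the thread and not Microsoft's code) that audits a URLScan.ini and lists which WebDAV-related verbs it would still let through. It relies on URLScan's `[options]` / `UseAllowVerbs`, `[AllowVerbs]` and `[DenyVerbs]` settings; the two verb lists and both sample configurations are constructed for illustration, and the default of `UseAllowVerbs=1` is an assumption.

```python
WEBDAV_VERBS = ["PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"]  # RFC 2518
WRITE_VERBS = ["PUT", "DELETE"]  # HTTP/1.1 verbs a web folder uses to change files

def parse_urlscan(text):
    """Return {section_name_lowercased: [entries]} with ';' comments stripped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def exposed_verbs(text):
    """List the verbs from the two sets above that the configuration does not reject."""
    sections = parse_urlscan(text)
    pairs = (entry.partition("=") for entry in sections.get("options", []))
    options = {key.strip().lower(): value.strip() for key, _, value in pairs}
    checked = WEBDAV_VERBS + WRITE_VERBS
    # Assumption: UseAllowVerbs defaults to 1 (allow-list mode) when absent.
    if options.get("useallowverbs", "1") == "1":
        allowed = set(sections.get("allowverbs", []))            # matched case-sensitively
        return [v for v in checked if v in allowed]
    denied = {v.upper() for v in sections.get("denyverbs", [])}  # matched case-insensitively
    return [v for v in checked if v not in denied]

# Constructed sample configurations, not taken from a real server.
ALLOW_LIST_INI = """[options]
UseAllowVerbs=1   ; only verbs in [AllowVerbs] pass
[AllowVerbs]
GET
POST
"""
PARTIAL_DENY_INI = """[options]
UseAllowVerbs=0   ; verbs in [DenyVerbs] are rejected
[DenyVerbs]
PROPFIND
proppatch
MKCOL
PUT
DELETE
"""

if __name__ == "__main__":
    print(exposed_verbs(ALLOW_LIST_INI))
    print(exposed_verbs(PARTIAL_DENY_INI))
```

The second sample shows the usual failure mode of a hand-written deny list: the verbs that were forgotten remain reachable, and NTFS and IIS Write permissions are then the only control left.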
Just want to check if you still have further questions on this issue?
Best regards,
WenJun Zhang
Microsoft Online Support
This posting is provided "AS IS" with no warranties, and confers no rights.
Get Secure! - www.microsoft.com/security