Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
A version of this page is also available for
4/8/2010

WebDAV is a network service that allows users access to files. Application developers and users should take extra precaution to prevent unauthorized users from having access to sensitive information on the device.

Best Practices

Use authentication

Always use authentication for each virtual root that has write permission enabled. This minimizes the possibility of malicious users filling the device file system with an enormous amount of data. For more information, see Web Server Authentication.

Set permission flags

Set appropriate permission flags that limit user access to files.

Be careful when using HSE_URL_FLAGS_SCRIPTS_SOURCE permission flag. This flag allows clients to download the source to ASP scripts and ISAPI extensions. This allows users to view the scripts that the Web Server uses.

Be careful when using the HSE_URL_FLAGS_SCRIPTS_SOURCE and HSE_URL_FLAGS_WRITE at the same time. This combination allows users to upload ASP pages and ISAPI extensions to the device. If malicious users can upload a script to your device, they can gain complete control of the device.

See Also