W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2006

Re: DAV 'drop box'

From: Tristan Fiedler <fiedler@cshl.edu>
Date: Wed, 20 Dec 2006 16:01:35 -0500
Message-Id: <0f123404f673d1d9db6480f2e36cdb2d@cshl.edu>
Cc: w3c-dist-auth@w3.org
To: alex@ubudesign.com

Thank you all for the replies.  Removing GET applies to the 'Require 
user' directive I believe. Thus removing GET leaves this method 
unprotected.  See http://httpd.apache.org/docs/1.3/mod/core.html#limit

  However, changing directory permissions to 'd-wx-wx-wt' seems to do 
the job.


On Dec 20, 2006, at 3:15 PM, Alex Jalali wrote:

> I'm not that familiar with apache permissions but wouldn't removing 
> GET,
> DELETE ect from limit do what you need?
>
>  <Limit GET OPTIONS PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY
>  MOVE LOCK UNLOCK>
>
>
>>
>> I am using a DAV server for a project where authorized users will
>> upload large data files to our DAV site (linux running apache).  I 
>> have
>> been able to set up the apache directives to allow users to upload
>> files, but wanted to know if there is a way to allow *only* file
>> uploads, and thus prevent users from reading files already present in
>> the DAV directory, and also from deleting/downloading files already
>> present in the DAV directory.
>>
>> Basically, I am attempting to create a "drop box" where users must
>> login, then can upload their file but not delete or read material
>> already present on the DAV folder.  I currently have the httpd.conf
>> file :
>>
>>     <Location /dav_directory>
>>     DAV On
>>     AllowOverride None
>>     Options +Indexes
>>     AuthType Basic
>>     AuthName "authorization"
>>     AuthUserFile /path/to/passwd/file
>>     <Limit GET OPTIONS PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY
>> MOVE LOCK UNLOCK>
>>         Require user foobar
>>     </Limit>
>> </Location>
>>
>> Many thanks for any assistance!
>>
>>
>>
>
Received on Wednesday, 20 December 2006 21:08:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:15 GMT