
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Web Applications
|
357
# The directory part of this must be writeable
# by the user ID running apache:
DAVLockDB /usr/local/apache/davlock/
DAVMinTimeout 600
# Use a Location or Directory for each DAV area.
# Here, let's try "/DAV":
<Location /DAV>
# Authentication:
AuthName "DAV"
AuthUserFile /usr/local/apache/passwords/dav.htpasswd"
AuthType Basic
# Some extra protection
AllowOverride None
# Allow file listing
Options indexes
# Don't forget this one!:
DAV On
# Let anyone read, but
# require authentication to do anything dangerous:
<LimitExcept GET HEAD OPTIONS>
require valid-user
</Limit>
</Location>
The security implications of DAV are the same as for basic authentication: the name
and password are passed as plain text, and you need to protect the name/password
files.
DAV is easy to use and quite flexible. A new extension called DELTA-V will handle
versioning, so DAV could eventually provide a web-based source-control system.
XML, Web Services, and REST
XML started as a text-based markup language to preserve the structure of data. It
grew beyond file formats to RPC protocols such as XML-RPC and SOAP. These pro-
tocols use HTTP because it usually passes through corporate firewalls, and it would
be difficult to establish a new specialized protocol. With other proposed standards
such as Web Services Description ...