Christian

Kildau

Network Engineer


Welcome to my little blog. I am mostly techie over here, blogging about networking and system administration topics, but there will also be some Travel Reports from time to time…

How to Setup WebDAV and MySQL Authentication using Apache2

November 15, 2008Christian Kildau0 Comments

FTP is depracted. It’s been designed back in the days when the Internet consisted only of a few Computers. It’s not Firewall friendly (there are some hacks to get it through today’s Firewalls though) and should not be used any longer. Especially because the standard FTP protocol sends your password in clear-text across the net.

So, any alternatives? YES! There are at least WebDAV and SFTP (not to confuse with FTPs). I’m using WebDAV because it’s easier to authenticate my User’s accounts against a MySQL Table. WebDAV is an extension to the HTTP protocol so all you need is a Webserver that is reachable by your users. I am on using Debian for all examples, so don’t forget to replace any Debian specific commands with the appropiate ones of your Distro.

O.K. first of all I created a Database containing a Table with a structure like username(text), password(text). Use ENCRYPT to encrypt your passwords. Mine looks like:

1
2
3
4
5
6
7
8
+-------------+------+------+-----+---------+-------+
| Field       | Type | Null | Key | Default | Extra |
+-------------+------+------+-----+---------+-------+
| name        | text | NO   |     | NULL    |       |
| username    | text | NO   |     | NULL    |       |
| password    | text | NO   |     | NULL    |       |
| description | text | NO   |     | NULL    |       |
+-------------+------+------+-----+---------+-------+

Make sure you have a user that has enough rights to access this table from your Webserver.

Next step is to enable WebDAV and DBD and restart apache2.

1
2
$ sudo a2enmod dav dav_fs dbd authn_dbd
$ sudo invoke-rc.d apache2 force-reload

That’s almost it! All you need to do now is configure MySQL somewhere in your httpd.conf, enable WebDAV and make sure apache2 has enough rights on the dir you want to enable WebDAV. This is how I did it on my Webserver. (If you’re also on Debian you can just add this to your /etc/apache2/sites-available/default)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<Virtualhost *:80>
[...]
DBDriver mysql
DBDParams "host=mysqlhost.example.org dbname=network user=www-ext pass=123456
DBDPersist Off
[...]
Alias /restricted /var/www/restricted-webdav
<Directory /var/www/restricted-webdav>
     DAV On
     AuthType Basic
     AuthName "Restricted"
     AuthBasicProvider dbd
     AuthDBDUserPWQuery "SELECT password FROM webdav WHERE username=%s"
     Require valid-user
     Options Indexes MultiViews FollowSymLinks
     AllowOverride none
</Directory>
[...]
</VirtualHost>

That’s almost it, just do:

1
$ sudo invoke-rc.d apache2 reload

You can try cadaver:

1
2
3
4
5
6
7
8
9
10
11
12
13
$ cadaver http://www.chrisk.de/restricted
Authentication required for Restricted on server `www.chrisk.de':
Username: example
Password:
dav:/restricted/&gt; ls
Listing collection `/restricted/': collection is empty.
dav:/restricted/&gt; put Downloads/yet-another-photoblog.1.9.13.zip
Uploading Downloads/yet-another-photoblog.1.9.13.zip to `/restricted/yet-another-photoblog.1.9.13.zip':
Progress: [=============================&gt;] 100.0% of 937488 bytes succeeded.
dav:/restricted/&gt; ls
Listing collection `/restricted/': succeeded.
yet-another-photoblog.1.9.13.zip     937488  Nov 14 22:13
dav:/restricted/&gt;

You can even “mount” these WebDAV drives in MacOS, Windows XP, Vista and most UNIX desktop environments. (Vista has some issues with WebDAV, see: this)
That’s it. But you should consider switching to HTTPs for a more secure file-exchange.


Leave a Reply