https://bugs.freedesktop.org/show_bug.cgi?id=56240
--- Comment #5 from Tobias Mueller <fdo-bugs(a)cryptobitch.de> ---
(In reply to comment #4)
> The rationale was that no-one would ever use WebDAV over an unencrypted
> channel, because otherwise the equally sensitive private data would be
> visible to eavesdroppers.

That's a bold assumption. If your use case doesn't follow a Bell-LaPadula
security model but rather Biba, then you don't mind exposing the content, but
you do mind exposing the credentials to set the content. Think announcements.
I don't mind everyone reading public announcements I store via CalDAV, but I
don't want everyone to be able to set or alter these.

> Do you use https?

No. Not just yet. I was going step by step.

> Sending the credentials in advance could (should?!) be limited to https.

Hm. Maybe.
I see use cases for sending credentials besides the server being okay with no
credentials. I.e. the announcements scenario where it's perfectly fine to read
a calendar, but if you are authorized, you get a different calendar.

> I'm out of ideas. Can you recompile from source with the Basic
> authentication disabled?

Yes. Give me a couple of days and feel free to nag me.

> In the meantime I'll try to reproduce this with my own setup of
> Apache+DAViCal.

Note that Apache is enough. In fact, any webserver that requires Digest Auth
should do. I haven't checked whether there is a simple Python implementation
but there should be one.
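A reproduction server of the kind discussed in the comment above, as an added example that is not part of the original comment or of the project's code: it answers every request with a Digest challenge and labels each incoming `Authorization` header, so a client that sends Basic credentials unasked over plain HTTP shows up as `basic-leak`. The realm, account, port and the `classify` labels are constructed for the example.

```python
import hashlib, re, secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

REALM = "repro"                  # constructed realm
USERS = {"alice": "s3cret"}      # constructed test account
NONCES = set()                   # nonces this server has handed out

def md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def parse_digest(header):
    """Turn 'Digest k="v", k2=v2' into {'k': 'v', 'k2': 'v2'}."""
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', header.partition(" ")[2])
    return {k: v.strip('"') for k, v in pairs}

def expected_response(method, p, password, realm):
    """RFC 2617 request digest for algorithm=MD5, qop=auth."""
    ha1 = md5(f'{p["username"]}:{realm}:{password}')
    ha2 = md5(f'{method}:{p["uri"]}')
    return md5(f'{ha1}:{p["nonce"]}:{p["nc"]}:{p["cnonce"]}:{p["qop"]}:{ha2}')

def classify(method, header, nonces=NONCES, users=USERS, realm=REALM):
    """Return 'none', 'basic-leak', 'digest-ok' or 'digest-bad'."""
    if not header:
        return "none"
    if header.split(" ", 1)[0].lower() == "basic":
        return "basic-leak"      # password arrived merely base64-encoded
    p = parse_digest(header)
    try:
        want = expected_response(method, p, users[p["username"]], realm)
        ok = p["nonce"] in nonces and secrets.compare_digest(p["response"], want)
    except (KeyError, TypeError):
        ok = False
    return "digest-ok" if ok else "digest-bad"

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        verdict = classify(self.command, self.headers.get("Authorization"))
        print(verdict, self.command, self.path)
        if verdict == "digest-ok":
            self.send_response(200)
        else:                    # challenge again with a fresh nonce
            NONCES.add(nonce := secrets.token_hex(16))
            self.send_response(401)
            self.send_header("WWW-Authenticate",
                             f'Digest realm="{REALM}", qop="auth", nonce="{nonce}"')
        self.end_headers()
    do_PROPFIND = do_REPORT = do_PUT = do_GET
if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

The 200 response carries no WebDAV body; the server exists only to show which `Authorization` header a client sends before and after the challenge.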