# Webdav vs Ftp, which is better and more secure?



## olav (Jun 23, 2010)

A friend of me want to borrow some space for saving documents easily over a network folder. He prefer using Windows where he can easily mount a webdav folder or a ftp folder as network location.

I configured Apache with the webdav modules and created a digest authentication. Worked great except for a weird IE8 bug where lan settings with auto detection enabled would cause Webdav to be horribly slow.

I also setup vsftpd which is A LOT faster than Webdav. And there are no weird IE bugs 

However what about security? Does Webdav send login parameters in plain text as ftp? I guess I also need to configure firewall rules to prevent brute force attacks for both technologies?

What technology should I go for?


----------



## takizo (Jun 25, 2010)

It's better and easier to run on FTP. 

If security is highly concern, you can generate a certificate and do SSL FTP on vsftp.


----------



## phoenix (Jun 25, 2010)

FTP needs to die!!  In fact, any protocol that requires separate communications and data ports, with the remote server connecting back to the client, that won't work through NAT, needs to die!!  Especially if it won't work through a double-NAT (NAT on client, NAT on server).  (Yes, I am looking at all you VoIP protocols ...)

Unfortunately, there's no really nice, easy, drop-in replacement for FTP.  If only SFTP/SCP were better supported in file managers, and easier to configure on the server for shell-less accounts.

WebDAV sounds nice on paper.  I haven't actually used it, though, so can't really speak to how well it works as a replacement file transfer protocol.


----------



## olav (Oct 19, 2010)

Actually right now I use SFTP. While it's not possible to mount it as a disk in Windows, my friend can use WinSCP with the sync command which syncs a folder transparent for him to the SFTP server.


----------



## Bogi (Nov 16, 2011)

more than 1 year old thread  but maybe I can share my (bad) experience. Around 2005 my web server that use WebDAV had been compromised (there was a tool to inject a file on a WebDAV folder). So I use virtualization ever since.

------------------------------
Bogi Aditya
Telkom Institute of Management
http://www.imtelkom.ac.id


----------

