Serve Your iCal Calendars Using WebDAV
Subject:   pathetic security
Date:   2002-09-23 06:53:02
From:   mrprofessor
1)Using "Basic Authentication" is a BAD idea. It send your password as cleartext over the internet (where anyone can steal it).

"Digest Authentication" is just as easy (or difficult) to set up, and is more secure.

Since digest authentication (the version used by the mod_auth_digest apache module)is supported by iCal and by major current browsers like Mozilla and IE, there's no reason NOT to use it.

2)Also, I would use a limit statement like

require user joe

listing what http commands an unauthenticated user CAN use, rather than trying to list all the commands he CAN'T use.

When you set up a webDAV server, you are granting remote users on the internet write-access to your web-server.

This ought to scare you enough that you implement some decent security.