The Omni Group Forums

The Omni Group Forums (http://forums.omnigroup.com/index.php)
-   Other WebDAV (http://forums.omnigroup.com/forumdisplay.php?f=57)
-   -   Is data transmitted securely via WebDav? [A: Yes, if you specify HTTPS in sync path.] (http://forums.omnigroup.com/showthread.php?t=20294)

Senseful 2011-02-28 12:09 PM
Is data transmitted securely via WebDav? [A: Yes, if you specify HTTPS in sync path.]
 
If I choose to sync with a WebDav server over http, is the data encrypted in such a manner that an attacker monitoring network packets won't see my sensitive information? How about the information as it is stored on the server? Is that encrypted?

I'm planning on using both the Mac and iPhone clients to sync with a WebDav server.

whpalmer4 2011-02-28 12:16 PM
If you've configured it with an https URL it will be encrypted in transit, otherwise not. It will not be encrypted as stored on the disk on the server in either case.

curiousstranger 2011-03-01 05:31 PM
[QUOTE=whpalmer4;94236]It will not be encrypted as stored on the disk on the server in either case.[/QUOTE]

I would clarify this to say that it [B]may[/B] not be encrypted on disk. Swissdisk, for example, does also encrypt the data on disk.

whpalmer4 2011-03-01 07:19 PM
[QUOTE=curiousstranger;94296]I would clarify this to say that it [B]may[/B] not be encrypted on disk. Swissdisk, for example, does also encrypt the data on disk.[/QUOTE]
Fair enough, but the data is decrypted after it emerges from the networking stack, before it gets written to the disk. If you aren't willing to trust the provider to keep prying eyes away from their disks, are you willing to trust that they can keep them away completely? It will discourage the casual snooper, but I wouldn't rely on it to stop a determined attack if your data is worth stealing.

curiousstranger 2011-03-02 05:18 PM
[QUOTE=whpalmer4;94297]Fair enough, but the data is decrypted after it emerges from the networking stack, before it gets written to the disk. If you aren't willing to trust the provider to keep prying eyes away from their disks, are you willing to trust that they can keep them away completely? It will discourage the casual snooper, but I wouldn't rely on it to stop a determined attack if your data is worth stealing.[/QUOTE]

Agreed. Most security standards require transport encryption and encryption at rest, but data is not usually encrypted on the entire path between those two states. Most data compromises happen due to unauthorized access to data at rest.

Given a determined enough attacker, no data is secure, so I'm satisfied with keeping the bottom 95% away ;)

[QUOTE]It will not be encrypted as stored on the disk on the server in either case.[/QUOTE]

To the original point, Swiss Disk does encrypt the data stored on disk.


All times are GMT -8. The time now is 04:40 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.