webdav: add some credential feature #1298

Tofee · 2024-10-06T10:31:39Z

Currently, when rustic webdav is started, the webdav access is open to everyone.

It would be nice to have an option to protect this access with a login/passowrd. We could even think of a simple protection, with the login begin whatever, and the password the same as the repository password.

What is your view on this?

The text was updated successfully, but these errors were encountered:

simonsan · 2024-10-06T13:28:07Z

I think this is related to adding TLS support for webdav. If we implement a simple user/password authentication, this doesn't help much if on your intranet others can see the traffic and just read the credentials.

But anyway, webdav is done by the warp crate (which we might refactor to axum at some point) at the moment - if anyone wants to add improvements, they will be very local at the place where warp is called.

Originally posted by @aawsome in #1271 (comment)

github-actions bot added the S-triage Status: Waiting for a maintainer to triage this issue/PR label Oct 6, 2024

simonsan added C-enhancement Category: New feature or request A-security Area: Security related A-commands Area: Related to commands in `rustic` and removed S-triage Status: Waiting for a maintainer to triage this issue/PR labels Oct 6, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

webdav: add some credential feature #1298

webdav: add some credential feature #1298

Tofee commented Oct 6, 2024

simonsan commented Oct 6, 2024

webdav: add some credential feature #1298

webdav: add some credential feature #1298

Comments

Tofee commented Oct 6, 2024

simonsan commented Oct 6, 2024