How secure is WebDAV? Is SMB tunneling over SSH (with PuTTY) a better solution?

How secure is WebDAV? Is SMB tunneling over SSH (with PuTTY) a better solution? What do you prefer?


WebDAV over SSL is as secure as the SSL implementations in the server and the client, the mechanism used for user authentication, and your trust with the certificates in use to authenticate the server computer and, if you're really paranoid, to authenticate the client computer (mutual SSL authentication isn't common, but it's certainly possible and used in many security-conscious deployments).

SMB suffers HORRIBLY over latent connections. If your WebDAV client is fully-featured and works well I'd highly recommend that rather than SMB over anything in a WAN scenario.


You may also want to look at SFTP:

FTP, SCP or something else


WebDAV over SSL is secure.
SMB over SSH will be less easy to set up, I think.
I think that in both cases you want to do a performance test to see which one will be faster when used with SSL/SSH.
If there is no major difference I would choose WebDAV.


As Evan Anderson said, WebDAV can be made fairly secure. If you use SSL, then you have encryption in transit. Depending on how you configure it, you can point your authentication at a centralized location. As an example, I have run WebDAV using Apache with LDAP auth. The downside to WebDAV is that it is an extension of the HTTP protocol. Unless you do some magic, the files on disk will be owned by the web server user. That was my biggest problem with WebDAV as a system. That being said, for anything bigger than a single network it is likely going to be better than SMB. Single network being organizational, not broadcast domain.
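
The setup these answers describe (WebDAV over SSL on Apache, LDAP authentication, optional mutual SSL authentication), sketched as an added example that is not part of any answer above. Host names, file paths and the LDAP base DN are placeholders; it assumes Apache 2.4 with mod_ssl, mod_dav, mod_dav_fs, mod_ldap and mod_authnz_ldap loaded.

```apache
# Added example; every host name, path and DN below is a placeholder.

# Server-level settings (not allowed inside <Directory>).
DavLockDB "/var/lib/apache2/dav/DavLock"
# CA used to verify the LDAP server's certificate for ldaps://.
LDAPTrustedGlobalCert CA_BASE64 "/etc/ssl/certs/ldap-ca.crt"

# Port 80 serves no DAV content and asks for no credentials;
# it only sends clients to the TLS virtual host.
<VirtualHost *:80>
    ServerName dav.example.com
    Redirect permanent / https://dav.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName dav.example.com

    # Encryption in transit and server authentication.
    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile    "/etc/ssl/certs/dav.example.com.crt"
    SSLCertificateKeyFile "/etc/ssl/private/dav.example.com.key"

    # Optional mutual SSL authentication: uncomment to require a client
    # certificate issued by your own client CA.
    # SSLCACertificateFile "/etc/ssl/certs/client-ca.crt"
    # SSLVerifyClient require
    # SSLVerifyDepth 2

    Alias /dav "/srv/dav"
    <Directory "/srv/dav">
        Dav On
        Options None
        AllowOverride None

        # Basic auth is only acceptable here because the vhost is TLS-only.
        AuthType Basic
        AuthName "WebDAV"
        AuthBasicProvider ldap
        AuthLDAPURL "ldaps://ldap.example.com/ou=people,dc=example,dc=com?uid?sub"
        Require valid-user
    </Directory>
</VirtualHost>

# Files written through DAV are still owned by the web server's
# account on disk, whichever LDAP user uploaded them.
```

Run `apachectl configtest` after adapting the placeholders, and confirm from a client that the certificate chain validates without a manual trust override.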