browser authentication (was Re: Intruducing myself)

From: Josef.Irnberger <Josef.Irnberger@dont-contact.us>
Date: Tue, 5 Nov 2002 23:46:08 +0100 (CET)

browser authentication (was Re: Intruducing myself)
Date: Tue, 5 Nov 2002 22:46:32 GMT
X-Mailer: Endymion MailMan FH Salzburg Edition

Hi Squid Developers,

thanks for the warm welcome and the quick reply!

--snip--
>>SQUID uses
>> plaintext/BASE64-encoding to transmit the username/password. Therefore I wanted
>> to ask, if there is any possibility to extend this to some secure method.
>
>The biggest problem in this area is how Squid is to receive the user
>credentials from the browser. There is only three known browser
>authentication methods:
>
> * Basic HTTP authentication (login:password base64 encoded)
> * Digest HTTP authentication (See RFC2617)
> * MS NTLM over HTTP authentication

The digest HTTP authentication seems appropriate to me. As it is part of the
HTML/1.1 standard, I guess most browsers will support it.

Have there been any attempts to implement the digest authentication in squid,
and if not, why not? Should I try to write an experimental implementation for this?

Regards,
Josef
Irnberger
Received on Tue Nov 05 2002 - 15:47:11 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:18:38 MST