>Basic authentication is fundamentally insecure. If you need to secure it, then you would have to
>use a technique like SSL port-forwarding or IPsec encryption.
That's what i'm talking about.
>If your only goal is to protect the password exchanges then using Digest authentication is an
>lternative. Here I recommend the Digest helper from Squid-3.0 with Squid-2.5. The digest helper from
>Squid-3.0 is compatible with the htdigest Digest password hashing program from Apache much in the same
>manner that the ncsa_auth program is compatible with the htpasswd password hashign program from Apache
>(note to others: the ncsa_auth helper in Squid-3.0 also supports MD5 hashing, not only crypt hashing)
Thank's for advise, but I need to make something clear to me. Main problem with ncsa_auth is SNIFFERS, i.e. simply sniffer can get password from TCP packet. Does digest helper allow to encrypt password before transmiting it to a proxy (or how it works)?
Received on Mon May 24 2004 - 00:01:11 MDT
This archive was generated by hypermail pre-2.1.9 : Mon May 31 2004 - 12:00:02 MDT