Re: [squid-users] unsecure communication between user agent and squid server during authentication.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 9 Jun 2002 21:11:37 +0200

On Sunday 09 June 2002 20:05, Luis Guzmán Hernández wrote:
> When authentication is required, the user types his username and
> password in the browser and then it is sent unencrypted, just
> encoded with base64 across the network. How can I make the
> browser send it encrypted in any way?

By not using Basic HTTP authentication as login mechanism.

In Squid-2.5 there is support for the standard Digest HTTP
authentication mechanism and MS proprietary NTLM over HTTP. Both use
encrypted passwords but require a browser supporting the login
mechanism, and in many cases a different password database.

There is also another but more remote method, and it is to convince
the browser manufacturers that it would be good if they supported SSL
encrypted proxies, allowing any communication between the browser and
the proxy to be fully encrypted using SSL. To my knowledge none of
the browsers on the market support this, but there are not really any
technical reasons why not except for the increased CPU load on the
proxy...

Regards
Henrik
Received on Sun Jun 09 2002 - 13:36:02 MDT