On Wed, 2007-03-21 at 18:04 +0100, Stefan Bischof wrote:
I am sure we will eventually see compromised or otherwise unfriendly
ICAP servers that do nasty things. Such servers would love to do
nasty
things on behalf of a client, using client identity if possible.
Thus,
I have a problem
On Thu, 2007-03-22 at 16:26 +0100, Kinkie wrote:
In this regard I see the ICAP server not to be any different from a
proxy server, of which it is simply an extension.
Whether the trust boundary includes both the proxy and the ICAP server
depends on the setup. Being an extension is not always
Alex Rousskov wrote:
On Thu, 2007-03-22 at 16:26 +0100, Kinkie wrote:
In this regard I see the ICAP server not to be any different from a
proxy server, of which it is simply an extension.
Whether the trust boundary includes both the proxy and the ICAP server
depends on the setup. Being an
On Sat, 2007-03-10 at 16:00 +0200, Tsantilas Christos wrote:
I think that client address/port and squid address/port must copied.
They can not (and must not) changed by an ICAP server.
The same about authentication information because referred to users
authenticated on squid and this info
Hi folks!
Alex Rousskov wrote:
On Sat, 2007-03-10 at 16:00 +0200, Tsantilas Christos wrote:
I think that client address/port and squid address/port must copied.
They can not (and must not) changed by an ICAP server.
The same about authentication information because referred to users
On Wed, 2007-03-21 at 18:04 +0100, Stefan Bischof wrote:
I don't see your point (probably I don't understood something). The
ICAP-server already knows the clients username at this point, because of
the REQMOD request. If the evil ICAP-server redirects the request to a
evil HTTP-server, it
Hi Alex,
Alex Rousskov wrote:
On Wed, 2007-03-07 at 23:57 +0200, Tsantilas Christos wrote:
When an http request adapted using ICAP then the client and server
addresses and the authentication information does not copied to adapted
request.
This is will cause problems in any following access
Hi Stephan,
Stefan Bischof wrote:
First I implemented
http://www.i-cap.org/spec/draft-stecher-icap-subid-00.txt
http://www.i-cap.org/spec/draft-stecher-icap-subid-00.txt by sending
X-Include: X-Authenticated-User
in my OPTIONS response. (I don't know if this draft is really
implemented,
When an http request adapted using ICAP then the client and server
addresses and the authentication information does not copied to adapted
request.
This is will cause problems in any following access control lists
proccessing.
Looks that the following patch solves the problem. (But I am to tired
On Wed, 2007-03-07 at 23:57 +0200, Tsantilas Christos wrote:
When an http request adapted using ICAP then the client and server
addresses and the authentication information does not copied to adapted
request.
This is will cause problems in any following access control lists
proccessing.
10 matches
Mail list logo