2003-03-21T10:14:53 pablo gietz:
> Do you know how to encrypt the process of authentication between the
> browser and squid proxy?

As far as I can see, no. This would be a good question for a squid-specific list, though.

What _ought_ to work is to enable https in squid (I don't see any support for that) or equally run a stunnel (preferably in transproxy mode, so squid can still see the real originating IPs) as a front end; then configure the browser to use https://url.of.squid:3128/ as the proxy. Problem is, I don't think this is actually supported.

> We like to use the same login name and password for NT and squid,
> but doing so we expose the password of the NT users based on the
> fact that the browser codes the password in base64.

Exactly right. You've got two choices that I know of; either force people to use separate passwords for your squid, so their exposure doesn't do as much damage, or else craft the net between your users and your squid so you aren't so worried about sniffing.

Well-monitored switches can be a help. Give everyone a separate switch port, and span every switch to an IDS set up to report attempts to whap its cam table.

-Bennett
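
The exposure discussed in this thread, as an added example that is not part of the original messages: a Python check that finds `Proxy-Authorization: Basic` headers in a captured proxy request and shows that the user name and password come straight back out of the base64 token. The function names and the sample credentials (`jdoe`, `s3cr3t:pw`) are constructed for illustration.

```python
import base64
import binascii


def audit_proxy_auth(raw_request: bytes) -> list:
    """Report Basic credentials found in Proxy-Authorization headers.

    The password itself is never returned, only its length, so the
    report can be stored or shared without repeating the exposure.
    """
    findings = []
    malformed = {"status": "malformed", "user": None, "password_length": None}
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if not sep or name.strip().lower() != b"proxy-authorization":
            continue
        scheme, _, token = value.strip().partition(b" ")
        if scheme.lower() != b"basic":
            continue  # other schemes are out of scope for this check
        try:
            decoded = base64.b64decode(token.strip(), validate=True)
        except (binascii.Error, ValueError):
            findings.append(dict(malformed))
            continue
        # Only the first colon separates user from password, so a
        # password may itself contain colons.
        user, colon, password = decoded.partition(b":")
        if not colon:
            findings.append(dict(malformed))
            continue
        findings.append({
            "status": "recoverable",  # base64 is an encoding, not encryption
            "user": user.decode("latin-1"),
            "password_length": len(password),
        })
    return findings


def build_sample(user: str, password: str) -> bytes:
    """Constructed sample request; the credentials are made up."""
    token = base64.b64encode(f"{user}:{password}".encode("latin-1"))
    return (b"GET http://example.com/ HTTP/1.0\r\n"
            b"Proxy-Authorization: Basic " + token + b"\r\n\r\n")


if __name__ == "__main__":
    for finding in audit_proxy_auth(build_sample("jdoe", "s3cr3t:pw")):
        print(finding)
```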
