>Basic authentication is fundamentally insecure. If you need to secure it, then you >would have to >use a technique like SSL port-forwarding or IPsec encryption.
That's what i'm talking about. >If your only goal is to protect the password exchanges then using Digest >authentication is an >lternative. Here I recommend the Digest helper from Squid-3.0 with Squid-2.5. The >digest helper from >Squid-3.0 is compatible with the htdigest Digest password hashing program from Apache >much in the same >manner that the ncsa_auth program is compatible with the htpasswd password hashign >program from Apache >(note to others: the ncsa_auth helper in Squid-3.0 also supports MD5 hashing, not >only crypt hashing) Thank's for advise, but I need to make something clear to me. Main problem with ncsa_auth is SNIFFERS, i.e. simply sniffer can get password from TCP packet. Does digest helper allow to encrypt password before transmiting it to a proxy (or how it works)?
