Basic HTTP authentication uses base64 encoded plain text. See RFC2617 for a full description of the Basic HTTP authentication scheme.
For increased security on the wire you can consider using digest authentication (Squid-2.5 required). However, this cannot integrate with any existing password databases, and requires a separate password file to be kept on the proxy. In future, please use the squid-users mailinglist for Squid usage and configuration questions. Regards Henrik m�n 2003-03-31 klockan 18.36 skrev Tulio Llosa: > Hello- > I have squid2.4.STABLE-4 installed and working. I am using pam for squid > authentication. > > authenticate_program /usr/lib/squid/pam_auth > acl password proxy_auth REQUIRED > > The whole thing is working very well. The only concern I have is > security. I try to sniff the traffic and could not find the clear text > password that was used during authentication. > How does squid do that. Does is it use a hash or cleartext? > How secure is this setup? Is there anything I can do to make it more > secure. > > Thanks in advance. > > ===== > > > __________________________________________________ > Do you Yahoo!? > Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! > http://platinum.yahoo.com -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden
