fre 2003-07-25 klockan 20.09 skrev Jerry Murdock: > I did some quick searching and saw a few messages about concern over > passing credentials without letting the user know. I'm assuming they > decided not to, but haven't looked deep enough to say for sure.
Probably wisest thing to do anyway. If you can make the client talk NTLM to you then you can access any server in the domain as if you was the client.. Most challenge/response authentication schemes are plauged by this problem. The only thing guaranteed by NTLM is that the information can not be reused to authenticate a second time without substantial computation effort. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org Please consult the Squid FAQ and other available documentation before asking Squid questions, and use the squid-users mailing-list when no answer can be found. Private support questions is only answered for a fee or as part of a commercial Squid support contract. If you need commercial Squid support or cost effective Squid and firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]
