At 18.26 16/04/2004, Henrik Nordstrom wrote:
On Fri, 16 Apr 2004, Serassio Guido wrote:
> Henrik:
> I have forgotten this detail ...., thanks for remember me it.
>
> But I have a question for you: why don't make this a squid.conf option like
> "httpd_accel_authentication on|off" valid only when Squid runs as an httpd
> accelerator ?
The problem is already solved in Squid-3.0 with the split of acceleration and interception, completely eleminating the need for this define.
Squid-2.5 is in bug maintenance mode since long back so there should be no new features unless security related or otherwise critical. And by experience making this option visible people will abuse it in interception mode without understanding what it does and then get badly bitten by their users even if we write in bold capital letters all over the place that this is not possible (which is why the define was added) so I prefer having discussion about it each time a user needs this feature of accelerator more authentication in Squid-2.5 or earlier.
OK, I'was thinking to 3.0, so my question is unuseful.
In the NT build such abuse is less likely as interception with NT is very uncommon, so I don't mind if this option is enabled by default there especially not considering that compiling Open Source programs scares most NT admins and is somewhat more complex than in the UNIX world..
You are right: interception on NT is a feature non currently available, so build Windows binaries with AUTH_ON_ACCELERATION defined should be safe.
Regards
Guido
- ======================================================== Guido Serassio Acme Consulting S.r.l. Via Gorizia, 69 10136 - Torino - ITALY Tel. : +39.011.3249426 Fax. : +39.011.3293665 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
