Re: Redhat 6.0 cachemgr.cgi lameness

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 30 Jul 1999 23:48:25 +0200

Peter Boutzev wrote:

> I did not find any information about using an encrypted manager password in
> squid.conf.

Yes, the cachemgr_passwd directive is lame and not very secure. However,
most proxy servers should be isolated from the users and not allow
interactive logons (other than possibly the cache manager using SSH for
maintaining the server), so if people are allowed to get to the point
where they may read Squid's configuration file then you probably are in
deep shit anyway.

A more secure way to protect the cachemgr functions than the
cachemgr_passwd directive is with Squid's access list controls. This
method allows you to control access on a per user basis, with passwords
stored in almost any source (implementations exist for NCSA style
password files, LDAP, PAM, Unix, and a lot more).

--
Henrik Nordström
Squid developer
Received on Fri Jul 30 1999 - 15:52:45 MDT
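
The access-list approach described in the message above, as an added squid.conf sketch that is not part of the original post or of Squid's shipped configuration. It assumes Squid 3.2 or later syntax; the helper path, password file path and user names are placeholders.

```conf
# Added example, not from the original message. Assumes Squid 3.2+ syntax.

# Before: one shared secret, kept in clear text in squid.conf
# (constructed value, shown commented out).
# cachemgr_passwd ExampleSharedSecret all

# After: per-user authentication through an external helper, so no
# password is stored in squid.conf. Helper and file paths are assumptions
# and vary by distribution.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/cachemgr.htpasswd
auth_param basic realm Squid cache manager

# Hypothetical administrator accounts held in the NCSA-style password file.
acl cachemgr_admins proxy_auth alice bob

# 'manager' and 'localhost' are built-in ACLs in Squid 3.2 and later.
# Allow manager requests only when they come from the local host AND from
# a listed, authenticated user. The proxy_auth ACL is placed last so the
# helper is consulted only after the cheap address check has passed.
http_access allow manager localhost cachemgr_admins

# Refuse every other manager request. Both lines must appear before any
# broader "http_access allow" rule.
http_access deny manager
```

The password file should be readable only by the account Squid runs as, since it takes over the role the clear-text directive had.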
