RE: [squid-users] Is Squid an option for me? <newbie>

From: <sean.upton@dont-contact.us>
Date: Wed, 19 Sep 2001 16:20:22 -0700

I sort of assumed it was not possible to hijack basic auth headers in the
browser, but was hoping it was...

I'm working on a system that does 2 things: acts as a subscriber gateway to
protected content, and use proxy_auth against a database to determine if a
user has access to said content; the second thing my system does is act as a
registration system, allowing subscribers to maintain their profiles, change
their passwords, etc, which happens through an app server that interacts
with the relational database that it shares with my proxy_auth program.
This whole thing looks like one site to users thanks to the use of a
redirector. Both the back-end app server and my proxy auth app use basic
auth and the same RDB for user/pw, so this would work out well. I was
hoping that I might be able to provide a pretty initial login UI and still
use basic auth so my logins are unified between Squid and my back-end user
registration server, but I guess a standard broswer auth dialog will have to
do.

[Client]
    | Authentication domain includes both proxy auth
    | for content server (via Squid) and the registration
    | server (for itself) - Squid passes auth to reg. svr.
    v
[Squid / accel w/ redirector + auth]_
    | | \
    | Must be proxy | \
    | authenticated to | \
    v access content svr. | ]===> SQL
[Content Svr.(no auth)] | / USER DB
                               v /
           [Registr. App Svr.(auth)]_/

Sean

-----Original Message-----
From: Robert Collins [mailto:robert.collins@itdomain.com.au]
Sent: Wednesday, September 19, 2001 3:42 PM
To: sean.upton@uniontrib.com; yanek@cigital.com;
squid-users@squid-cache.org
Subject: Re: [squid-users] Is Squid an option for me? <newbie>

----- Original Message -----
From: <sean.upton@uniontrib.com>
To: <yanek@cigital.com>; <squid-users@squid-cache.org>
Sent: Thursday, September 20, 2001 7:51 AM
Subject: RE: [squid-users] Is Squid an option for me? <newbie>

> I'm also interested in seeing if this is possible, at least from the
basic
> auth angle.
>
> More specifically, I would want to:
...most of this has already been answered...

> - (optionally) figure out a way to do basic auth login via an html
web-form
> instead of a default browser dialog (that is, prempt the auth
challenge
> response, even if this only can be done via client-side scripting on
capible
> browsers).

I'm not aware of any _scripting_ interface to access the http channel.
There are binary means though.

I don't see the benefit however - as you seem to be using the 2nd tier
for software authentication... Basic authentication is designed to
identify the end user. If you have scripting code running, use it to
implement token based authentication for your code.

Rob
Received on Wed Sep 19 2001 - 17:26:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:18 MST