Hi Henrik:
> Would not call it useful in a proxy. It is useful in accelerators but
> there the functionality is already available in Squid (a hidden
> define needs to be set in Squid-2.5 and earlier.. only to make it
> harder to find to make sure people who run transparent proxies do not
> think this is good for a transparent proxy, as it is not)
I gonna check it out. I swear not make it public :-)
> This will as you say make the browser think it is the web site who
> requires authentication. This has a number of implications:
>
> a) As you are now using the authentication protocol meant to be user
> by web sites, no web sites will be able to use authentication via
> your proxy.
That's true.
> b) The browser will request again for the password on each new web
> site requested.
I didn't realise this issue since squid shouldn't send "401 Unauthorized"
to browser for each new web site, only in the first
access attempt.
> c) Your users proxy login+password will most likely leak out in plain
> text on the Internet unless you take special action to prevent this
> by making sure the Authorization header is not forwarded.
Don't think this is a problem. As you said, it's just not
forward the Authorization header.
bests regards
-- []'s Lucas Brasilino brasilino@recife.pe.gov.br http://www.recife.pe.gov.br Emprel - Empresa Municipal de Informatica (pt_BR) Municipal Computing Enterprise (en_US) Recife - Pernambuco - Brasil Fone: +55-81-34167078Received on Fri Feb 28 2003 - 07:34:10 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:45 MST