On Tue, 2 Aug 2005 Mace.Scott@xxxxxxxxxxxxxxxxxxx wrote:
Now that's just ridiculous! So my choices are: (A) Convince the web site administrator to change their authentication mechanism,
Or convince them that if they use authentication then they should use SSL as well to protect the data and integrity of the communication. This also solves the security problem of enabling plain-text authentication allowing the site to be used with all browsers, not just MSIE.
(B) Don't use a proxy, or (C) Bypass the proxy for any site that uses NTLM authentication, which means fiddling with the firewall for a bunch of crappy sites. Not much of a choice. There has to be a way around this, otherwise proxy servers are useless.
Well, Microsoft has always said that NTLM authentication is not suitable to be used over the Internet. It's meant to be used in your local network only.
Regards Henrik
