On Sat, 9 Jan 2010 20:40:06 +0000, "J. Webster" <webster_jack@xxxxxxxxxxx> wrote: > I have had squid proxy auth setup for a while using NCSA. > > I assume this send passwords in clear text over the internet. Only if you configured Basic authentication over HTTP front-end for that NCSA back-end. It's theoretically possible to use secure front-end with NCSA. But Squid does not provide any helpers to do the NCSA storage manipulations required. > > Is there a way to secure this or would that require an SSL connection? Not really. You would need to use a secure authentication front-end ie digest or kerberos. That involves dumping the NCSA back-end in favor of a secure back-end. > > The password are all non dictionary words for our users so I assume the > connections should be fine. > > > > Secondly, is there a way to prevent proxy chaining in squid? Is there any No. > security risk with proxy chaining from client users? Maybe yes, maybe no. Any given chain is only as strong as its weakest link. It's plausible that the client chained proxy could be more secure than yours, or less. Amos
