Search squid archive

Re: squid security check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 9 Jan 2010 20:40:06 +0000, "J. Webster" <webster_jack@xxxxxxxxxxx>
wrote:
> I have had squid proxy auth setup for a while using NCSA.
> 
> I assume this send passwords in clear text over the internet.

Only if you configured Basic authentication over HTTP front-end for that
NCSA back-end.
It's theoretically possible to use secure front-end with NCSA. But Squid
does not provide any helpers to do the NCSA storage manipulations required.

> 
> Is there a way to secure this or would that require an SSL connection?

Not really. You would need to use a secure authentication front-end ie
digest or kerberos.
That involves dumping the NCSA back-end in favor of a secure back-end.

> 
> The password are all non dictionary words for our users so I assume the
> connections should be fine.
> 
> 
> 
> Secondly, is there a way to prevent proxy chaining in squid? Is there
any

No.

> security risk with proxy chaining from client users?

Maybe yes, maybe no. Any given chain is only as strong as its weakest
link. It's plausible that the client chained proxy could be more secure
than yours, or less.

Amos

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux