On 20.06.2012 09:13, Terry Dobbs wrote:
When users are going through squid there are certain pages, like the
one
I mentioned where you just can't click a specific button. It always
seems flash related. If I reconfigure this user to not use squid I
can
use the page just fine. This leads me to believe its not solely a
browser issue.
When I say I told it to ignore I meant in the squid.conf file, where
I
allowed access to that specific domain without any kind of
authentication. Thinking about it, I understand this step is pretty
pointless as squid still processes the site. However I have had
success
in the past by allowing access to sites before the proxy_auth
required
command.
Not really sure what the issue is, but it seems to happen with just a
handful of random sites.
Flash player is separate software not permitted access to the browsers
internal password manager information.
* Flash player does not provide any means for users to enter passwords
unless the HTTP request is a GET.
* Flash script frameworks do not provide easily available support
unless the HTTP request is a POST.
* recent Flash versions prevent HTTP authentication unless the visited
*website* provides explicit file-based (ONLY file based) CORS support
for the relevant headers. NP: as documented this would prohibit
Proxy-Authentication.
Website authentication only works if the author who wrote the script
knows how to write a) the user I/O interface and b) the relevant
encryption algorithms (rare for anything better than Basic auth), and c)
adds explicit CORS support to their site. AND decided it was worth the
trouble.
As a result HTTP authentication of any type rarely works in Flash
applications. Proxy authentication has never been reported working, not
to say it can't, just that in my experience nobody has ever mentioned
seeing it happen despite common complaints here and in many other places
online.
Personally I rate Flash as a worse problem than Java in this regard. At
least Java provides libraries and API making it easy for developers who
know where to look (most seem not to use it, but that is a
knowledge/time issue not a technical barrier).
Amos