> > > Having NTLM proxied outside the LAN is a security risk,
> as a carefully
> > > crafted NTLM challenge can reveal much details about the
> NTLM hash of
> > > the user, so I imagine some networks would like to have
> NTLM proxying
> > > disabled in all cases even if the proxy is capable of handling it.
> >
> > Sure. Enabling makes no sense for the ISP, but it has some benefits
> > in a corporate environment.
>
> Que? I am more of the opposite impression.
>
> An ISP might not care.
>
> In a corporate environment you care as you do not want
> external sites to
> be able to snoop the internal passwords.
AFAIK IE doesn't send default credentials to 'internet zone' sites,
at least not with the default settings. Rather, it pops a three-fields
requester up.
Actually I had misunderstood you, I thought you were referring
to the basic-to-NTLM bridge.
-- /kinkieReceived on Fri Apr 13 2001 - 14:46:18 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:46 MST