Quick question: What is wrong with using basic authentication for forwarding
the username to the application(s)?
Such basic authentication can easily added to the request by redirectors or
and by per server cache_peer lines using the login= option.
Using basic authentication adds slightly more security, as the user do not
need to know the password.
Regards
Henrik
On Thursday 03 January 2002 00.06, Ben Herrick wrote:
> Hola Ladies and Gents,
> Below is a patch to squid-head-200201020000 which implements
> "Username Headers." The basic idea here is to specify a list of domain
> names which will receive a Proxy-Authenticated username. This is useful in
> my company as a unified logon, and may be useful to others as well.
>
> This feature adds one configuration option which is a list of domain
> suffixes to try to match against. By default the list is empty, and thus
> adds almost no overhead for folks who do not want this feature.
>
> If a list of domain names are present, the patch attempts to match the
> requested web page with any of the domains. If successful it will add an
> HTTP header like this:
>
> HTTP_X_PROXY_USERNAME: bherrick
>
> This is, of course, not even close to a secure way to authenticate users.
> However, in a small controlled intranet environment, it gives a useful
> hint for web scripts.
>
> Questions, comments and concerns are of course welcome. Please CC me on
> any traffic concerning this patch as I am not subscribed to the list.
Received on Thu Jan 03 2002 - 20:48:48 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:44 MST