Adam Lang wrote:
> Good point. Basic security rules still need to be applied. It is not a
> reason to slack off. But the point I was raising is that instead of dumping
> that much work into three webserves, you dump that much work into one squid
> server and add modest security between squid and the webservers.
The application I have for Squid-SSL is in combination with a firewall,
completely isolating the web servers from the Internet, and
authentication will be required to pass thru the reverse proxy. If you
don't have a valid account the only service you can reach in the
Squid-SSL revererse-proxy.
If you have SSL enabled web servers you MUST secure each of those to
a) Make sure you don't get defaced by hackers
b) Protect any private data sent by your users
Having SSL in Squid does not automatically solve your site security, but
still SSL enabled Squid can be one of the component in the setup that
secures your site security.
-- Henrik Nordstrom Squid Hacker, http://www.marasystems.com/Received on Wed Apr 18 2001 - 14:47:54 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:22 MST