> -----Original Message-----
> From: sean.upton@uniontrib.com [mailto:sean.upton@uniontrib.com]
> 
> I sort of assumed it was not possible to hijack basic auth headers in the
> browser, but was hoping it was...
> 
> I'm working on a system that does 2 things: acts as a subscriber gateway to
> protected content, and uses proxy_auth against a database to determine if a
> user has access to said content; the second thing my system does is act as a
> registration system, allowing subscribers to maintain their profiles, change
> their passwords, etc., which happens through an app server that interacts
> with the relational database that it shares with my proxy_auth program.
> This whole thing looks like one site to users thanks to the use of a
> redirector.  Both the back-end app server and my proxy auth app use basic
> auth and the same RDB for user/pw, so this would work out well.  I was
> hoping that I might be able to provide a pretty initial login UI and still
> use basic auth so my logins are unified between Squid and my back-end user
> registration server, but I guess a standard browser auth dialog will have to
> do.
You could hack Squid to understand some form of token-based
authentication instead of/as well as HTTP authentication.
Rob
> 
> [Client]
>     |   Authentication domain includes both proxy auth
>     |   for content server (via Squid) and the registration
>     |   server (for itself) - Squid passes auth to reg. svr.
>     v
> [Squid / accel w/ redirector + auth]_
>     |                          |     \ 
>     |    Must be proxy         |      \       
>     |    authenticated to      |       \    
>     v    access content svr.   |        ]===> SQL
> [Content Svr.(no auth)]        |       /    USER DB
>                                v      /
>            [Registr. App Svr.(auth)]_/
> 
> Sean
> 
Received on Thu Sep 20 2001 - 01:13:33 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:18 MST
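
The token-based approach suggested in the reply, sketched as an added example (it is not part of the original messages and is not Squid code). It assumes a form login on the registration server issues an HMAC-signed token after checking the shared user DB, and the gateway side verifies it; the token format, the shared secret and the names `issue_token` and `verify_token` are all hypothetical.

```python
import base64
import hashlib
import hmac
import time

# Assumption: one secret shared by the login form handler and the gateway check.
SECRET = b"constructed-demo-secret"
MAX_AGE = 3600  # seconds a token stays valid (assumed policy)


def b64(data):
    """URL-safe base64 without padding, so the token contains no '.' or '='."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign(payload, secret):
    """HMAC-SHA256 over the payload, encoded for use inside the token."""
    return b64(hmac.new(secret, payload.encode("utf-8"), hashlib.sha256).digest())


def issue_token(user, now=None, secret=SECRET):
    """Call only after the login form has checked user/password against the DB."""
    issued = time.time() if now is None else now
    payload = "%s.%d" % (b64(user.encode("utf-8")), int(issued + MAX_AGE))
    return "%s.%s" % (payload, sign(payload, secret))


def verify_token(token, now=None, secret=SECRET):
    """Return the user name if the token is authentic and unexpired, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    user_b64, expires_s, mac = parts
    expected = sign("%s.%s" % (user_b64, expires_s), secret)
    # Constant-time comparison: do not leak how much of the MAC matched.
    if not hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
        return None
    # The MAC is valid, so the fields below were produced by issue_token().
    current = time.time() if now is None else now
    if int(expires_s) < current:
        return None
    pad = "=" * (-len(user_b64) % 4)
    return base64.urlsafe_b64decode(user_b64 + pad).decode("utf-8")
```

Because both components only need the shared secret to verify a token, the gateway can authorize requests without prompting for the password again, which is what lets a custom login page replace the browser's basic auth dialog.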