Re: [squid-users] Authentication Doubt

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 10 Dec 2002 18:15:45 +0100

ons 2002-12-04 klockan 06.39 skrev James Camaron:

> I'm using squid with LDAP authentication. I like to
> clear a doubt regarding sending password from browser
> to squid. Did browser sends the password to the server
> in plain text or encrypted form. If plaintext, is
> there any way to send it in encrypted form.

basic HTTP authentication uses base64 encoded plaintext.

no, it cannot be encrypted as the browsers lacks support for any form of
encryption to proxies.

What you can do to protect the passwords on the network is to use Digest
authentication, but this cannot be integrated with your LDAP directory,
and not all browsers supports Digest authentication..

Regards
Henrik
Received on Tue Dec 10 2002 - 10:15:52 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:02 MST