On Sat, 9 Jan 2010 20:40:06 +0000, "J. Webster" <webster_jack_at_hotmail.com>
wrote:
> I have had squid proxy auth setup for a while using NCSA.
>
> I assume this send passwords in clear text over the internet.
Only if you configured Basic authentication over HTTP front-end for that
NCSA back-end.
It's theoretically possible to use secure front-end with NCSA. But Squid
does not provide any helpers to do the NCSA storage manipulations required.
>
> Is there a way to secure this or would that require an SSL connection?
Not really. You would need to use a secure authentication front-end ie
digest or kerberos.
That involves dumping the NCSA back-end in favor of a secure back-end.
>
> The password are all non dictionary words for our users so I assume the
> connections should be fine.
>
>
>
> Secondly, is there a way to prevent proxy chaining in squid? Is there
any
No.
> security risk with proxy chaining from client users?
Maybe yes, maybe no. Any given chain is only as strong as its weakest
link. It's plausible that the client chained proxy could be more secure
than yours, or less.
Amos
Received on Sun Jan 10 2010 - 05:21:13 MST
This archive was generated by hypermail 2.2.0 : Sun Jan 10 2010 - 12:00:03 MST