On Thu, 23 Sep 2004, Martyn Bright wrote:
> A specific external site (that I do not control) the users need is https and
> not available via the remote proxy - squid goes to it directly.
>
> I need the users to authorize before they connect to this specific site.
> Unfortunately with basic auth, IE helps(!!!) by offering to remember the
> users password details. I cannot allow this as the clients are accessible
> by the public and must not be able to get to the secure site without having
> to type in a password. I know I can disable this IE helper functionality in
> windows, but that will stop it for all sites which is not what I want.
>
> I figured that if I pass authentication control to a web page of my own, I
> should be able to stop IE from interfering.
Not really. If IE understands this page contains a password form it still
allows you to save the password...
And since the site is using https the proxy has no means of modifying the
requests or add/delete any information while forwarding the request. All
the proxy sees is that the browser wants to connect and do something at
the requested side, nothing more.
If the site was using http then Squid would be able to use other means of
providing the authentication credentials, but with https sites the
encryption considerably limits the man-in-the-middle capabilities.
Regards
Henrik
Received on Thu Sep 23 2004 - 04:56:18 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT