Re: [squid-users] Using proxy authentication to detect/protect from malicious software?

From: Marco Stolpe <x25ugip1@dont-contact.us>
Date: Sat, 13 Sep 2003 00:35:10 +0200

Henrik Nordstrom wrote:
> On Friday 12 September 2003 14.33, Marco Stolpe wrote:
>
> [...]
>>What I mean is: based on which credentials (per request) does the
>>proxy decide which traffic is allowed to pass through after it has
>>successfully authenticated a user?
>
> The proxy always requires valid authentication to be attached to each
> and every request. If there is no valid login details attached to the
> request to the proxy then the request will be rejected. It is the
> browser or OS who maintains the browsing session and hides most of
> this logics from the user (to OS/browser only asks for login on first
> access etc).

Aaaah, thank you very much for your help. After reading so much about
creating customized login pages for web applications and keeping
session-ids by the use of cookies / rewritten URLs, I had entirely
forgotten that with basic authentication the session is managed by the
browser. That was exactly the information I needed to get a better
impression of the type of security one could achieve with a proxy.

Well, it's clear to me that absolute security is not possible. But
regarding the background information you have given to me, I hope with
a proxy one could at least reduce the probability of an incident,
especially in comparison to the firewall solution I presented here.
Moreover, a proxy would be more user friendly in this case.

Thanks again,

Marco
Received on Fri Sep 12 2003 - 16:32:53 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:43 MST