Re: Negotiating with a Proxy server
Re: Negotiating with a Proxy server
- Subject: Re: Negotiating with a Proxy server
- From: Wade Tregaskis <email@hidden>
- Date: Sat, 8 Feb 2003 20:15:29 +1100
Proxy-Authorization: Basic UserPass\r\n
You create UserPass by concatenating the userID + ":" + password and
then
uuencoding that string.
Unfortunately the result is that your proxy username and password is
blindingly obvious to anyone with a packet sniffer. In the college I
live in, I can easily collect the login names and passwords of every
and any resident/user. The same username and password used to login to
the university network (i.e. change [re]enrollment info, student info,
etc)!! :(
I don't know if there's a more secure form, but I'd hope you can at
least send the password as a hash. If you can't, it may be that you
need to evaluate whether you should support authenticating proxies or
not, given the security issues. If all else fails, users can install
Privoxy (or similar such user-proxies) to add authenticating proxy
support in manually. And if you want to use any of Apple's products
through an authenticating proxy, you have to anyway, so your product
won't be alone in it's boat...
Wade Tregaskis
_______________________________________________
macnetworkprog mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/macnetworkprog
Do not post admin requests to the list. They will be ignored.