Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

Authentication: SSL-Encryption for Proxy Fallback Login

Please make the proxy authentication encrypted if the client does not support eDirectory SSO. Actually user and password are sent in human-readable cleartext.

Same thing for the transparent proxy with authentication. The login form is provided via http... Why not https?

54 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    arsars shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    7 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Elmar HaagElmar Haag commented  ·   ·  Flag as inappropriate

        if you use http proxy in mode "transparent with authentication" the authentication windows _is_ encrypted (https), so the passwords are transmitted securely between browser and ASG. Of course you need to have SSL Scanning activated in the proxy profile.
        Digest Authentication is not usable due to technical reasons (at least if the users are not local users on the ASG but backend users).

      • Ken WattsKen Watts commented  ·   ·  Flag as inappropriate

        A non-encrypted proxy authentication is clearly unacceptable by any security standard. It looks like the eDirectory SSO could fallback to the transparent proxy auth page, rather than using basic http auth. The proxy auth page also needs to be SSL encypted using a generated cert signed by a client trusted CA.

      • Stefan BaumgartStefan Baumgart commented  ·   ·  Flag as inappropriate

        An alternatice mechanism was the support of digest authentication. Its not as secure as SSL but it is a first step.

      • Eric SeveranceEric Severance commented  ·   ·  Flag as inappropriate

        I'd like it if all HTTP/S proxy traffic were encrypted. It'd be just one more layer of defense for a wireless network.

      Feedback and Knowledge Base