Authentication: SSL-Encryption for Proxy Fallback Login
Please make the proxy authentication encrypted if the client does not support eDirectory SSO. Actually user and password are sent in human-readable cleartext.
Same thing for the transparent proxy with authentication. The login form is provided via http... Why not https?
7 comments
-
Elmar Haag
commented
If you use http proxy in mode "transparent with authentication" the authentication window _is_ encrypted (https), so the passwords are transmitted securely between browser and ASG. Of course you need to have SSL Scanning activated in the proxy profile.
Digest Authentication is not usable due to technical reasons (at least if the users are not local users on the ASG but backend users).
-
Sindbad Sailor commented
pimp up the captive portal
-
Ken Watts
commented
A non-encrypted proxy authentication is clearly unacceptable by any security standard. It looks like the eDirectory SSO could fall back to the transparent proxy auth page, rather than using basic http auth. The proxy auth page also needs to be SSL encrypted using a generated cert signed by a client-trusted CA.
-
Stefan Baumgart
commented
An alternative mechanism would be the support of digest authentication. It's not as secure as SSL but it is a first step.
-
Sindbad Sailor commented
yes we can - encrypt everything
-
Eric Severance
commented
I'd like it if all HTTP/S proxy traffic were encrypted. It'd be just one more layer of defense for a wireless network.
-
Andreas Kronawitter
commented
Cleartext passwords are very secure, aren't they?
I wish for an https splash screen to auth. proxy.