Fri 2003-07-25 at 20:09, Jerry Murdock wrote:
> I did some quick searching and saw a few messages about concern over
> passing credentials without letting the user know. I'm assuming they
> decided not to, but haven't looked deep enough to say for sure.
Probably the wisest thing to do anyway. If you can make the client talk NTLM
to you then you can access any server in the domain as if you were the
client.
Most challenge/response authentication schemes are plagued by this
problem. The only thing guaranteed by NTLM is that the information can
not be reused to authenticate a second time without substantial
computation effort.
Regards
Henrik
Received on Fri Jul 25 2003 - 12:29:26 MDT
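The property described in the reply above, as an added example that is not part of the original message: a toy HMAC challenge/response (not real NTLM; every name and the password are constructed) in which a captured response fails against a fresh challenge, while a response forwarded live through an intermediary is accepted. Mixing the server name the client intended into the response, an assumption added here as the usual countermeasure, makes the forwarded response fail.

```python
import hashlib
import hmac
import os


def key_from_password(password: str) -> bytes:
    # Toy stand-in for the password-derived secret known to client and domain.
    return hashlib.sha256(password.encode()).digest()


def respond(key: bytes, challenge: bytes, target: bytes = b"") -> bytes:
    # Client side: prove knowledge of the key for this one challenge.
    # `target` is the server the client believes it is talking to (b"" = unbound).
    return hmac.new(key, challenge + target, hashlib.sha256).digest()


class Server:
    def __init__(self, name: bytes, key: bytes, bind_target: bool = False):
        self.name, self.key, self.bind_target = name, key, bind_target
        self.challenge = None

    def new_challenge(self) -> bytes:
        self.challenge = os.urandom(16)
        return self.challenge

    def verify(self, response: bytes) -> bool:
        if self.challenge is None:
            return False
        challenge, self.challenge = self.challenge, None  # challenges are single-use
        target = self.name if self.bind_target else b""
        return hmac.compare_digest(respond(self.key, challenge, target), response)


KEY = key_from_password("constructed-sample-password")


def replay_accepted() -> bool:
    # A response captured from one login is presented against a later challenge.
    server = Server(b"fileserver", KEY)
    captured = respond(KEY, server.new_challenge())
    assert server.verify(captured)      # the original login succeeds
    server.new_challenge()              # second attempt gets a fresh challenge
    return server.verify(captured)


def forwarded_accepted(bind_target: bool) -> bool:
    # The client believes it is authenticating to b"proxy"; the challenge it
    # answers was in fact issued by b"fileserver" and passed along unchanged.
    server = Server(b"fileserver", KEY, bind_target)
    challenge = server.new_challenge()
    client_target = b"proxy" if bind_target else b""
    return server.verify(respond(KEY, challenge, client_target))
```
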