[squid-users] Authentication\Authorization using a PAC file?

Kinkie gkinkie at gmail.com
Mon Nov 24 12:43:12 UTC 2014


Hi Eliezer,
  I don't think so. PACfiles have no access to the DOM or facilities
like AJAX, and are very limited in what they can return or affect as
side-effects. In theory it could be possible to do something, but in
practice it would be only advisory and not secure: a pacfile must by
definition be in a publicly-accessible URL, so anyone can read it and
interpret it.

On Mon, Nov 24, 2014 at 11:25 AM, Eliezer Croitoru <eliezer at ngtech.co.il> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I do know that pac files contains some form of JS and in the past I
> have seen couple complex PAC files but unsure about the options.
> I want to know if a PAC file can be used for
> Authentication\Authorization, maybe even working against another
> external system to get a token?
>
> Thanks,
> Eliezer
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJUcweKAAoJENxnfXtQ8ZQUy7oH/ieegXDfKslc8NPYgzkRfpRW
> JVYcRB9gqVEQSEpphznVz3s4PTuspYYKmNnr1uWMnUQRC906GPaa326j+EMtQ9Eq
> mcPc2dBU7jyMkj5V4EUAJlMZ+29YzDFKSAAJkf4/cYX5ik1JKOMyIljaKF5O4PQU
> HNhSUVrQ+/9nkDE8puzALYYFygKn+u8exN2pr9ikobAgsGhoMMsULJxQi90st67S
> W9/Be12+2KiBxGWBwnTCNTZjRs5xAg/8xsLTOuMMzKPF0ihpDRcDFQFYZYF22uKM
> BQAZCG1VJWz8wwDrDN8Pmy7AbII2ygFvKu/8s6S7ZAdq7mragGVsyhJzVoQzqJc=
> =l9Ue
> -----END PGP SIGNATURE-----
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



-- 
    Francesco


More information about the squid-users mailing list