[squid-users] Encrypt/Obfuscate squid.conf file

Alleshouse, Dale (NonEmp) dale.alleshouse at kroger.com
Wed Feb 3 16:07:27 UTC 2016


Yes, every developer is equally trusted with all the data.

"Encryption" was a clerical error on my part, I meant to say authentication...

As far as I can tell, we are going to have to do something besides basic authentication on our proxy server in order to make this work.

Thanks to everyone for their help.


-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Antony Stone
Sent: Wednesday, February 03, 2016 9:44 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Encrypt/Obfuscate squid.conf file

On Wednesday 03 February 2016 at 14:54:42, Alleshouse, Dale (NonEmp) wrote:

> Developers share a root login on these machines.

So, they're all equally trusted with all your data, then.

> We need to authenticate through the corporate proxy to hit the internet.

> We are using squid to do this encryption.

Encryption?

> However, developers have to enter their personal credentials into the
> squid file for this to work.

Er, what?

Why do the credentials go into squid.conf?

> Any developer can see others network credentials by opening this file.

So, use PAM / LDAP / (basically something else) to do the authentication, and then just tell Squid to allow "authenticated users".


Antony.

--
Ramdisk is not an installation procedure.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.squid-2Dcache.org_listinfo_squid-2Dusers&d=BQIGaQ&c=WUZzGzAb7_N4DvMsVhUlFrsw4WYzLoMP5bgx2U7ydPE&r=NJHWY9HRoWMKBsUpjq2jkHTAObROemxXrDpnlR7eJCk&m=pqvY3jCM4bogStAHsGlG2uDtdebKsG9mngLtjSA6XMY&s=JKrN7QT5ZMmMtpm_QIIoWHQ1YhDzwBNsbSql_7Iov14&e=

________________________________

This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain information that is confidential and protected by law from unauthorized disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.


More information about the squid-users mailing list