Bugtraq mailing list archives
Re: Redhat 6.0 cachemgr.cgi lameness
From: hno () HEM PASSAGEN SE (Henrik Nordstrom)
Date: Fri, 30 Jul 1999 23:48:25 +0200
Peter Boutzev wrote:
> I did not find any information about using an encrypted manager password in squid.conf.
Yes, the cachemgr_passwd directive is lame and not very secure. However, most proxy servers should be isolated from the users and not allow interactive logons (other than possibly the cache manager using SSH for maintaining the server), so if people are allowed to get to the point where they may read Squid's configuration file then you probably are in deep shit anyway.

A more secure way to protect the cachemgr functions than the cachemgr_passwd directive is with Squid's access list controls. This method allows you to control access on a per user basis, with passwords stored in mostly any source (implementations exist for NCSA style password files, LDAP, PAM, Unix, and a lot more).

--
Henrik Nordström
Squid developer
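An added example, not part of the original post or of Squid's own code: a small Python audit of a squid.conf that flags the two weaknesses discussed in the message above, cachemgr_passwd secrets kept in the config and cache manager access that no proxy_auth ACL gates. The two sample configs, the ACL names and the user name are constructed, and treating an ACL named `manager` as the cache manager ACL is an assumption.

```python
# Constructed sample configs (not from the original post).
WEAK_CONF = """\
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
cachemgr_passwd s3cret shutdown config
cachemgr_passwd none info
http_access allow manager localhost
http_access deny manager
"""
HARDENED_CONF = """\
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl admins proxy_auth cacheadmin
cachemgr_passwd disable shutdown
http_access allow manager localhost admins
http_access deny manager
"""

def audit_cachemgr(conf_text):
    """Return findings on how cache manager access is protected."""
    acls, rules, findings = {}, [], []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(tok) < 3:
            continue
        if tok[0] == "acl":
            is_mgr = tok[2] == "proto" and "cache_object" in tok[3:]
            acls[tok[1]] = "manager" if is_mgr else tok[2]
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
        elif tok[0] == "cachemgr_passwd":
            actions = " ".join(tok[2:])
            if tok[1] == "none":
                findings.append("no password required for: " + actions)
            elif tok[1] != "disable":  # never echo the secret itself
                findings.append("plaintext password in config for: " + actions)
    acls.setdefault("manager", "manager")  # assumption: this name means cachemgr
    # Rules that match manager requests (a negated "!manager" does not).
    mgr = [r for r in rules if any(acls.get(n) == "manager" for n in r[1])]
    for verdict, names in mgr:
        if verdict == "allow" and not any(acls.get(n) == "proxy_auth" for n in names):
            findings.append("manager allowed without proxy_auth: " + " ".join(names))
    if not any(verdict == "deny" for verdict, _ in mgr):
        findings.append("no http_access deny rule for manager requests")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_cachemgr(conf))
```

The audit only inspects the configuration text; the proxy_auth ACL in the hardened sample still needs an authentication helper configured for the password source in use.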