[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] SquidGuard client requests




On 11/18/05, David Neimeyer <admin bookpeople com> wrote:
I'm hoping to get some clarification:

Whether or not you are running a transparent proxy or not, there is no
way, outside of local apps, for ltsp clients to make unique address
requests to squid/squidGuard?
 
Ident(d) may work for you.  Squid can use ident for identification, and if you are running it on your LTSP server then the TCP connections are identified by the correct user ids.
 
I have to add that Ident is not safe
1) It can easily be spoofed.
2) Transmits valid user ids so it can make it easier for someone to hack your system.
3) May be vulnerable to buffer over/under run attacks
 
So if you do use Ident make sure that your LTSP server is on an intranet that is protected by a firewall, also make sure you don't broadcast ident responses to people outside of your intranet or people you don't trust.
 
Darryl Palmer

 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]