Hi Henrik,

At 18.26 16/04/2004, Henrik Nordstrom wrote:

>On Fri, 16 Apr 2004, Serassio Guido wrote:
> > Henrik:
> > I have forgotten this detail ...., thanks for remember me it.
> >
> > But I have a question for you: why don't make this a squid.conf option

> like
> > "httpd_accel_authentication on|off" valid only when Squid runs as an httpd
> > accelerator ?

>The problem is already solved in Squid-3.0 with the split of acceleration
>and interception, completely eleminating the need for this define.
>Squid-2.5 is in bug maintenance mode since long back so there should be no
>new features unless security related or otherwise critical. And by
>experience making this option visible people will abuse it in interception
>mode without understanding what it does and then get badly bitten by their
>users even if we write in bold capital letters all over the place that
>this is not possible (which is why the define was added) so I prefer
>having discussion about it each time a user needs this feature of
>accelerator more authentication in Squid-2.5 or earlier.

OK, I'was thinking to 3.0, so my question is unuseful.

>In the NT build such abuse is less likely as interception with NT is very
>uncommon, so I don't mind if this option is enabled by default there
>especially not considering that compiling Open Source programs scares most
>NT admins and is somewhat more complex than in the UNIX world..

You are right: interception on NT is a feature non currently available, so
build Windows binaries with AUTH_ON_ACCELERATION defined should be safe.



================================================== ======
Guido Serassio
Acme Consulting S.r.l.
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426 Fax. : +39.011.3293665
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/