sandrop icon indicating copy to clipboard operation
sandrop copied to clipboard

Published 20 hours ago verified publisher icon SuppSandroB

HTTP digest authentication

Open mrkschan opened this issue 9 years ago • 3 comments

I have setup a squid3 on ubuntu14.04 and tried using Drony to connect to it. Drony keeps prompting username and password while squid3 access log keeps show HTTP407 responses. Would that be my configuration problem or what?

Using manual setup, plain http proxy, set username, password, realm on Drony.

mrkschan avatar Dec 23 '15 15:12 mrkschan

Try first to setup with username/password so squid3 will work okey. Then test with digest. Must say that digest is not very used auth any more. If you need better security try to use username/password over https. https://blog.habets.se/2014/09/Secure-browser-to-proxy-communication---again

SuppSandroB avatar Dec 29 '15 10:12 SuppSandroB

Thanks for the security reminder :smile:.

I think my htdigest setup on squid3 is working since I can use it on many other machines and I can use it with SandroProxy. I just wonder if I can switch from SandroProxy to Drony since Drony vpn model is so convenient!

mrkschan avatar Jan 04 '16 15:01 mrkschan

Hi - I'd like to add a vote for this as digest still has its role: it's safe enough for auth and avoids multiple layers of encapsulation, everything being HTTPS anyway. FYI ProxyDroid works with digest and is open source, but requires root so not an option where Drony works

rgcosma avatar May 05 '18 14:05 rgcosma