On ma, 04 maalis 2019, Edward Valley via FreeIPA-users wrote:
> Thanks for your answer. Doing it the way you propose, squid uses
> basic authentication, which exposes user names and passwords in
> the network because of the simple base64
> encoding.
Just set up your clients to use HTTPS proxy connection in the browser.
https://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_conne...
talks about it. Both Chrome-based browsers and Firefox do work just fine
with HTTPS connection to the proxy for years now.
Beyond the fact that the hash in the clear makes for possible replay
attacks unless Squid properly enforces nonces.
rob