On Mon, Aug 09, 2004 at 10:16:14AM -0400, Patrick McFarland wrote:

> Remember that there's two remote options: enable-remote-toggle and
> enable-edit-actions. Also, iirc, you can change what it points to

I did already catch that, as it's mentioned in conf comments.

> through the web interface, so I'd double check to see if it's still
> pointed at tor.

Yep, no one has bothered to point it elsewhere. Has only been running
a few minutes.

> > Is there a way to authenticate privoxy access? (I don't have IPsec up yet).
> > Another question: is it possible to wrap sessions to privoxy in SSL? Is
> > Stunnel the way to go?
>
> http proxies work by having the browser go "GET
> http://someremoteurl.com/" like browsers usually do with web servers.
> The http proxy then does the request on behalf of the browser, and the
> web server returns data to the proxy, then the proxy returns the data
> to the browser.
>
> The way this works, the http proxy is almost transparent, and you
> can't add anything the browser wouldn't already be doing. Stunnel

Currently the connection to the privoxy/tor part is in clear. I'd like to
1) encrypt and 2) authenticate that. I think an ssh tunnel is the way to go.

> doesn't look useful for this either.

Anonymizing proxies are largely useless, if Mallory sees the last leg
to the journey (browser<-->proxy).

> > > security issue it is. It's something I wouldn't do.
> >
> > Do you have a specific threat model in mind, or is this the classical
> > "minimize the number of unnecessary services" rule?
>
> The minimize the number of services rule. I was trying to think of an
> exact problem (like an open proxy can be used as a ddos zombie box),
> but since it only outputs into tor, tor itself is capable of doing
> stuff like this on its own.

Thanks.

> The only thing you now have a problem with is a dos attack against
> your own box: if someone floods your box with connections to the
> proxy, it will chew cpu and memory like mad. (I'm assuming a tor flood
> wouldn't be as bad)

It's largely a hypothetical threat, I hope (everybody: please don't
feel compelled to prove me wrong, if you're reading it).

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net
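The exposure discussed in this thread, as an added example that is not part of the original messages: a small audit of a Privoxy config that flags a `listen-address` reachable off-host and the two remote options named above. The sample configs, the `192.168.1.5` address, and the function names are constructed for illustration; the `ssh -L` comment uses a placeholder `user@host`.

```python
import ipaddress

# Options named in the thread that let a proxy client change the running Privoxy.
REMOTE_OPTIONS = ("enable-remote-toggle", "enable-edit-actions")

def parse_config(text):
    """Return {directive: [values]} from Privoxy-style 'name value' lines."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line:
            name, *rest = line.split(None, 1)
            conf.setdefault(name, []).append(rest[0].strip() if rest else "")
    return conf

def is_loopback(listen):
    """True if a 'host:port' listen-address binds only to the local machine."""
    host = listen.rsplit(":", 1)[0].strip("[]")
    if host == "":
        return False                             # ":8118" binds every interface
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                             # unresolved name: assume exposed

def audit(text):
    conf = parse_config(text)
    listens = conf.get("listen-address", ["127.0.0.1:8118"])  # Privoxy default
    exposed = [a for a in listens if not is_loopback(a)]
    findings = [f"listen-address {a}: reachable off-host, unauthenticated, in clear"
                for a in exposed]
    for opt in REMOTE_OPTIONS:                   # only explicit '1' is flagged
        if conf.get(opt, [""])[-1] == "1":
            who = "any host that can reach the port" if exposed else "local users"
            findings.append(f"{opt} 1: usable by {who}")
    return findings

# Constructed sample: proxy bound to a LAN address with both remote options on.
EXPOSED = """listen-address  192.168.1.5:8118
enable-remote-toggle 1
enable-edit-actions 1
forward-socks4a / localhost:9050 .
"""
# Constructed sample: loopback only; clients reach it through an authenticated,
# encrypted tunnel instead, e.g. ssh -L 8118:127.0.0.1:8118 user@host
HARDENED = """listen-address  127.0.0.1:8118
enable-remote-toggle 0
enable-edit-actions 0
forward-socks4a / localhost:9050 .
"""

if __name__ == "__main__":
    for label, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```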