Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Snapshot
|
Docs
|
Privacy
|
Changes
|
Wishlist
Currently, when using HTTP proxies, PuTTY only supports HTTP Basic
authentication, which involves sending the user's password over the
network in cleartext, which is Bad.
HTTP Digest authentication is marginally more secure, and not
ludicrously complex, so PuTTY should probably support it.
Do we need to worry about whether this capability ends up in PuTTYtel?
2021-12-29: now done, and it's left out of PuTTYtel along with other cryptographic proxy auth such as SOCKS 5 CHAP.
(A side-effect of this change is that where PuTTY would previously eagerly send any proxy credentials immediately on connecting to the proxy, it now first attempts the proxy connection with no authentication, waiting for a 407 response from the proxy server to indicate which proxy authentication methods can be used, and reconnecting as necessary.)