RE: httptunnel

["Shivdasani, Meenoo" <Meenoo_Shivdasani () NAI com>]

> Only firewalls which authenticate every time you retrieve a file from
> outside the domain which you authenticated against would be 
> safe. However,
> I think that due to the fact that many web pages now have 
> links to graphics
> on advertisement networks (which would cause you to 
> re-authenticate several
> times as it downloads the different graphics), very few 
> people have this
> kind of setup.

I know that at least one firewall with authenticated http requests
authentication for each and every connection that you make through the
firewall.  Most users will only visibly have to authenticate once, if the
authentication is plaintext and is just being used for tracking measures on
a DHCP network.  The browser caches the password and sends it on request
every other time.  Given plaintext passwords, a standard authentication
format, and a competent coder, I suspect that it wouldn't be that hard to
modify httptunnel so that it could deal with authenticated http.

M