From: Al Kulp [kulp@WWW.AUHSD.K12.CA.US]
Sent: Tuesday, August 03, 1999 1:47 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Re: CSM Proxy Administration

It is a direct quote of the response from our lead developer
for the proxy.
__________Begin Quote____________________
this is only partly true - the gui (proxyadm.exe) uses
the win-nt network to connect to a remote registry (=SMB)
therefore the nt security checks apply = if you are not
logged in as administrator, you will not get access to
the remote registry.

unfortunately proxyadm.exe doesn't check if access is
possible - if it isn't it simply shows the default values
for a proxy server - however, if you change anything and
press apply/ok nothing is saved at the server side.

usually SMB is something that should be blocked by a
packet filtering firewall - or by security settings of
win-nt - hence there shouldn't be a real security leak.

however, we are working (as you know maybe) on a completely
new implementation of the administration in Java - which
uses a TCP connection to a configuration server. this
connection is encrypted by an SSL-like mechanism via public
and private key algorithms (not actual SSL - we've implemented
a similar mechanism that is properly adjusted for
performance in our application)
this new administration tool will completely replace
the Windows-GUI and the Web-Interface with the next version.

I hope that answers your question.
_________________End quote_________________________

Russ,

I've verified this. If you're not logged in as admin, all you see is the
CSM proxy defaults (not the actual settings).

--
Al Kulp
Anaheim Union High School District
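
The behaviour described in the quoted reply (an administration tool that cannot open the remote registry and shows default values instead) is avoided by treating a failed open as an error rather than falling back. The following is an added example, not code from CSM or from this post; the function name, host name and registry subkey are placeholders, since the post does not give the product's key path.

```powershell
# Added example: fail closed when the remote registry cannot be read,
# instead of silently presenting default values to the administrator.
# Get-RemoteProxySettings, $ComputerName and $SubKey are hypothetical names.
function Get-RemoteProxySettings {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $SubKey
    )

    $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
    $base = $null
    $key  = $null
    try {
        # Remote registry access rides on SMB; the NT access checks apply here.
        $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $ComputerName)
        $key  = $base.OpenSubKey($SubKey)   # read-only open

        if ($null -eq $key) {
            # Missing key is reported, never replaced by built-in defaults.
            throw "Key '$SubKey' not found on $ComputerName; no settings loaded."
        }

        $settings = [ordered]@{}
        foreach ($name in $key.GetValueNames()) {
            $settings[$name] = $key.GetValue($name)
        }
        # Tag the result so a caller can tell real values from anything else.
        [pscustomobject]@{ Computer = $ComputerName; Source = 'remote-registry'; Values = $settings }
    }
    catch [System.UnauthorizedAccessException], [System.Security.SecurityException] {
        throw "Access denied to the registry on $ComputerName; no settings loaded."
    }
    catch [System.IO.IOException] {
        throw "Remote registry on $ComputerName is unreachable; no settings loaded."
    }
    finally {
        if ($null -ne $key)  { $key.Close() }
        if ($null -ne $base) { $base.Close() }
    }
}

# Placeholder host and key, shown only to illustrate the call:
# Get-RemoteProxySettings -ComputerName 'PROXY01' -SubKey 'SOFTWARE\ExampleVendor\Proxy'
```

A caller that receives an exception should show the error and disable the apply/OK path, so that an operator without administrator rights is not left looking at values that were never read from the server.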