system-proxy: Add auth schemes to policy
Currently an attacker can obtain the System-proxy policy set credentials by tricking the Chromebook to connect to a proxy with a less secure auth scheme. To protect against a downgrade attack, this CL adds policy_credentials_auth_schemes to the SystemProxySettings policy which will allow admins to specify for which proxy auth schemes the credentials can be applied to. If no value is set by policy, then all three username+password auth schemes are allowed. This is to have backwards compatibility with the current policy until AdminConsole is updated. Bug: 1132247 Test: browser test Change-Id: I67a21c88c411a4373159aaa5f8cadb948e5b9cc9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2484446 Commit-Queue: Andreea-Elena Costinas <acostinas@google.com> Reviewed-by:Pavol Marko <pmarko@chromium.org> Reviewed-by:
Omar Morsi <omorsi@google.com> Cr-Commit-Position: refs/heads/master@{#824019}
Showing
Please register or sign in to comment