On 2012-09-25 10:25, Mike Gabriel wrote:
On Di 25 Sep 2012 05:08:19 CEST glpk xypron wrote:
I am not aware of proxies being contacted over https.
Hmmm... this indeed is true... The feature will mostly be an inside-to-outside connection. Hmmm... To get it clear, would we send http-proxy authentication strings in cleartext to the proxy server or would we send the remote X2Go server credentials to the proxy in cleartext.
Client ---http & Basic Auth---> proxy (Basic Auth) -> New Socket Using this new socket: Client ---SSL ---- Socket at Proxy ---Still same SSL---> Server
This we first authenticate unencrypted at the proxy using the proxy user/pass. Then the SSL connection is made to the server and we authenticate against the server.
Sending proxy auth in cleartext probably is common practice (?). Most proxy setups do not even need an auth-against-the-proxy.
Yep, but some do.
This feature clearly needs a good documentation so that we do not false security alarms on the mailing lists!!!
Nay, I think this is a matter of the gui that must clearly suggest, that this user/password is for the proxy.
/--- Proxy-----------------------
| Enable:
| Address :
| User (optinal):
| Password (optional):
\-------------------------------/
Morty
-- Dipl.-Ing. Moritz 'Morty' Struebe (Wissenschaftlicher Mitarbeiter) Lehrstuhl für Informatik 4 (Verteilte Systeme und Betriebssysteme) Friedrich-Alexander-Universität Erlangen-Nürnberg Martensstr. 1 91058 Erlangen
Tel : +49 9131 85-25419 Fax : +49 9131 85-28732 eMail : struebe@informatik.uni-erlangen.de WWW : http://www4.informatik.uni-erlangen.de/~morty