On 25.09.2012 10:25, Mike Gabriel wrote:
> Hi,
> On Tue 25 Sep 2012 05:08:19 CEST glpk xypron wrote:
>> I am not aware of proxies being contacted over https.
> Hmmm... this indeed is true... The feature will mostly be an inside-to-outside connection. Hmmm... To get it clear, would we send http-proxy authentication strings in cleartext to the proxy server or would we send the remote X2Go server credentials to the proxy in cleartext?

Only proxy server authentication is in clear text. However, many setups have the same authentication for proxy-users as for system-users. Often such authentication is performed over a central LDAP server. Sure, it is a failure of the system administrator if he allows such unencrypted authentication over the Internet. But I don't even give them a possibility to make such a mistake...

> Sending proxy auth in cleartext probably is common practice (?). Most proxy setups do not even need an auth-against-the-proxy.
> This feature clearly needs good documentation so that we do not get false security alarms on the mailing lists!!!
> Mike
Oleksandr Shneyder Dipl. Informatik X2go Core Developer Team
email: oleksandr.shneyder@obviously-nice.de web: www.obviously-nice.de
--> X2go - everywhere@home