Hello Mike,
in enterprise settings it is good practice to require authentication at the proxy to be able to be able log which user is doing what.
Best regards
Heinrich
-------- Original-Nachricht --------
Datum: Tue, 25 Sep 2012 10:25:25 +0200 Von: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> An: glpk xypron <xypron.glpk@gmx.de>, 34@bugs.x2go.org CC: Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> Betreff: Re: [X2Go-Dev] Bug#34: SSH_OPTIONS_FD
Hi,
On Di 25 Sep 2012 05:08:19 CEST glpk xypron wrote:
I am not aware of proxies being contacted over https.
Hmmm... this indeed is true... The feature will mostly be an
inside-to-outside connection. Hmmm... To get it clear, would we send
http-proxy authentication strings in cleartext to the proxy server or
would we send the remote X2Go server credentials to the proxy in
cleartext.Sending proxy auth in cleartext probably is common practice (?). Most
proxy setups do not even need an auth-against-the-proxy.This feature clearly needs a good documentation so that we do not
false security alarms on the mailing lists!!!Mike
--
DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...