[X2Go-Dev] Bug#34: SSH_OPTIONS_FD
Oleksandr Shneyder
oleksandr.shneyder at obviously-nice.de
Tue Sep 25 10:47:08 CEST 2012
Am 25.09.2012 10:25, schrieb Mike Gabriel:
> Hi,
>
> On Di 25 Sep 2012 05:08:19 CEST glpk xypron wrote:
>
>> I am not aware of proxies being contacted over https.
>
> Hmmm... this indeed is true... The feature will mostly be an
> inside-to-outside connection. Hmmm... To get it clear, would we send
> http-proxy authentication strings in cleartext to the proxy server or
> would we send the remote X2Go server credentials to the proxy in cleartext.
only proxy server authentication is in clear text. However, many setups
have the same authentication for proxy-users as for system-users. Often
such authentication is performed over central LDAP-Server. Sure, it is a
fail of system administrator, if he allow such unecrypted authentication
over Internet. But I don't even give them a possibility to make such
mistake...
> Sending proxy auth in cleartext probably is common practice (?). Most
> proxy setups do not even need an auth-against-the-proxy.
>
> This feature clearly needs a good documentation so that we do not false
> security alarms on the mailing lists!!!
>
> Mike
>
>
Alex
--
Oleksandr Shneyder
Dipl. Informatik
X2go Core Developer Team
email: oleksandr.shneyder at obviously-nice.de
web: www.obviously-nice.de
--> X2go - everywhere at home
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20120925/9d3b6db5/attachment.pgp>
More information about the x2go-dev
mailing list