weizhouapache commented on issue #4550: URL: https://github.com/apache/cloudstack/issues/4550#issuecomment-747436198
> I suppose it's not a security issue as long as the user is logged in and has access to the VM. @rhtyd user can access the vm via URL in the page source, on other servers, without login. for example, you open a vm console view the source and get link like https://<console proxy public ip>/resource/noVNC/vnc.html?port=8080&token=XXXXXXXX send the link to your colleague in another country he will be able to access the vm console via the link (link is valid for 3 minutes). ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
