On 2012-09-25 10:25, Mike Gabriel wrote: > > On Di 25 Sep 2012 05:08:19 CEST glpk xypron wrote: > >> I am not aware of proxies being contacted over https. > > Hmmm... this indeed is true... The feature will mostly be an > inside-to-outside connection. Hmmm... To get it clear, would we send > http-proxy authentication strings in cleartext to the proxy server or > would we send the remote X2Go server credentials to the proxy in > cleartext.
Client ---http & Basic Auth---> proxy (Basic Auth) -> New Socket Using this new socket: Client ---SSL ---- Socket at Proxy ---Still same SSL---> Server This we first authenticate unencrypted at the proxy using the proxy user/pass. Then the SSL connection is made to the server and we authenticate against the server. > > Sending proxy auth in cleartext probably is common practice (?). Most > proxy setups do not even need an auth-against-the-proxy. Yep, but some do. > > This feature clearly needs a good documentation so that we do not > false security alarms on the mailing lists!!! Nay, I think this is a matter of the gui that must clearly suggest, that this user/password is for the proxy. /--- Proxy-----------------------\ | Enable: | Address : | User (optinal): | Password (optional): \-------------------------------/ Morty -- Dipl.-Ing. Moritz 'Morty' Struebe (Wissenschaftlicher Mitarbeiter) Lehrstuhl für Informatik 4 (Verteilte Systeme und Betriebssysteme) Friedrich-Alexander-Universität Erlangen-Nürnberg Martensstr. 1 91058 Erlangen Tel : +49 9131 85-25419 Fax : +49 9131 85-28732 eMail : [email protected] WWW : http://www4.informatik.uni-erlangen.de/~morty
smime.p7s
Description: S/MIME Kryptografische Unterschrift
_______________________________________________ X2Go-Dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/x2go-dev
