> This patch against CVS fixes an issue where the user's supplied login
> credentials could override what was pre-set for a module when using
> automatic login (rdp_autologin). This would introduce two security
> problems:
>
> - It would be possible for a user to use alternative login credentials
> for a module, allowing them to login with another account they have
> credentials for when they are not supposed to be allowed to, where that
> module is a session manager.
>
> - Thin clients would require the login details be publicly accessible
> for them to be able to download the login information, which would mean
> anyone on the network could download the configuration file and see the
> login credentials that the clients used.
>
> With this patch, if a module has the username and password pre-set (not
> set to "ask" in xrdp.ini), it will use those details and ignore whatever
> credentials the client supplies.
>
> Again, please CC me in on any replies, as I'm not on-list.

committed, slightly modified.

Jay

_______________________________________________
xrdp-devel mailing list
xrdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
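
Added example, not part of the original thread and not xrdp's code: a C sketch of the credential precedence rule the quoted message describes, with the overridable behaviour beside the fixed one. The struct, function names and sample values are hypothetical, and evaluating username and password independently is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical type for illustration; not one of xrdp's structures. */
struct login { const char *username; const char *password; };

/* A field counts as pre-set when xrdp.ini holds anything but "ask". */
static int is_preset(const char *ini_value)
{
    return strcmp(ini_value, "ask") != 0;
}

/* Assumed model of the reported bug: a non-empty client value wins. */
static const char *pick_before(const char *ini_value, const char *client_value)
{
    return client_value[0] != '\0' ? client_value : ini_value;
}

/* Described fix: a pre-set value wins, the client value is used for "ask". */
static const char *pick_after(const char *ini_value, const char *client_value)
{
    return is_preset(ini_value) ? ini_value : client_value;
}

/* Resolve both fields with the fixed rule. Returns the number of
   client-supplied fields that were discarded, so the caller can log it. */
static int resolve_after(const struct login *ini, const struct login *client,
                         struct login *out)
{
    int ignored = 0;
    out->username = pick_after(ini->username, client->username);
    out->password = pick_after(ini->password, client->password);
    ignored += is_preset(ini->username) && client->username[0] != '\0';
    ignored += is_preset(ini->password) && client->password[0] != '\0';
    return ignored;
}

int main(void)
{
    /* Constructed sample values, not taken from any real configuration. */
    struct login ini = { "kiosk", "ask" };
    struct login client = { "alice", "alice-pw" };
    struct login out;
    int ignored = resolve_after(&ini, &client, &out);
    printf("before: user=%s\n", pick_before(ini.username, client.username));
    printf("after:  user=%s ignored=%d\n", out.username, ignored);
    return 0;
}
```

A non-zero return from resolve_after means a client sent credentials for a module whose login is fixed in the configuration, which is a useful event to record.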