A)
+I trying to find a way to make it easyer to configure...
What if i add the option to specify a download location for helpdesk.txt instead of embedding it...
Sample: http://mycompanysite/config/helpdesk.txt
Changes can be made on the fly....
Perhaps in a later stage, add a checker....
SC test for the helpdesk.txt and keep retrying every x minutes.
If you want a connection from home, add the helpdesk.txt to your website, SC find file and made connection to specified helpdesk.txt settings. More or less like mail initiated access..
Security ???? Anybody an idea how secure this is ..
Possible as secure as your web account ??
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Some idea for SC
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: Some idea for SC
If it checked against a list of approved addresses it wouldn't be a bad way to do it. Otherwise, it would be easy access for a semi-inteligent hacker with brute force password cracking tools.
Rudi De Vos wrote:A)
+I trying to find a way to make it easyer to configure...
What if i add the option to specify a download location for helpdesk.txt instead of embedding it...
Sample: http://mycompanysite/config/helpdesk.txt
Changes can be made on the fly....
Perhaps in a later stage, add a checker....
SC test for the helpdesk.txt and keep retrying every x minutes.
If you want a connection from home, add the helpdesk.txt to your website, SC find file and made connection to specified helpdesk.txt settings. More or less like mail initiated access..
Security ???? Anybody an idea how secure this is ..
Possible as secure as your web account ??
Rudi,
A downloadable config sounds like a great idea! Will you add an option to have a default that will automatically connect without asking the users. Believe it or not, end-users have problems with figuring out what option to double click after the software loads. It would be smoother for them to download and be connected. (maybe a pop-up in the system tray, that says "Support rep is connected")
A downloadable config sounds like a great idea! Will you add an option to have a default that will automatically connect without asking the users. Believe it or not, end-users have problems with figuring out what option to double click after the software loads. It would be smoother for them to download and be connected. (maybe a pop-up in the system tray, that says "Support rep is connected")
Re: Some idea for SC
http insecureRudi De Vos wrote:A)
+I trying to find a way to make it easyer to configure...
What if i add the option to specify a download location for helpdesk.txt instead of embedding it...
Sample: http://mycompanysite/config/helpdesk.txt
Changes can be made on the fly....
Perhaps in a later stage, add a checker....
SC test for the helpdesk.txt and keep retrying every x minutes.
If you want a connection from home, add the helpdesk.txt to your website, SC find file and made connection to specified helpdesk.txt settings. More or less like mail initiated access..
Security ???? Anybody an idea how secure this is ..
Possible as secure as your web account ??
https more security, but more overhead and larger filesize.
tftp real small, no security, except you need to know the file location. It is soo small that it is used by some worms to bring in the rest of the worm once a system is infected.
And the real issue... except for DOS attacks is there any real security threat?
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
http insure, why ?
1) Server check for a config file, hosted on my webpage ( by some isp)
2) If a want a connection, i upload the config file to my webdirectory, config file contain my current viewer ip
3) Server find file and connect to this viewer.
+The risk is that someone else upload a config file. To do this, he needs to break the isp security.
+The domain name of my isp get hijacket...unlikely
What do i miss ?
1) Server check for a config file, hosted on my webpage ( by some isp)
2) If a want a connection, i upload the config file to my webdirectory, config file contain my current viewer ip
3) Server find file and connect to this viewer.
+The risk is that someone else upload a config file. To do this, he needs to break the isp security.
+The domain name of my isp get hijacket...unlikely
What do i miss ?
http is cleartextRudi De Vos wrote:http insure, why ?
Agreed.Rudi De Vos wrote:1) Server check for a config file, hosted on my webpage ( by some isp)
2) If a want a connection, i upload the config file to my webdirectory, config file contain my current viewer ip
3) Server find file and connect to this viewer.
Agreed.Rudi De Vos wrote:+The risk is that someone else upload a config file. To do this, he needs to break the isp security.
DNS hijacking is actually quite easy.Rudi De Vos wrote:+The domain name of my isp get hijacket...unlikely
What do i miss ?
IMHO the real question here is how critical is it to protect the text file? Is there anything there that actually needs to be protected?
It would be nice to be able to pull the key file remotly, but then you *do* have a major security issue.
Rudi,
Am unable to get the [DIRECT] attribute to work,
When testing without DIRECT is provide a menu and connects properly. But with the [DIRECT] an icon shows in the system tray, but nothing happens. Shouldnt it automatically connect to the host designated.
Thanks!
>
>If you add [DIRECT] and only have 1 [HOST] defined, the >menu is not shown
>and the connection is direct started. (can be usefull for >scripting)
Am unable to get the [DIRECT] attribute to work,
When testing without DIRECT is provide a menu and connects properly. But with the [DIRECT] an icon shows in the system tray, but nothing happens. Shouldnt it automatically connect to the host designated.
Thanks!
>
>If you add [DIRECT] and only have 1 [HOST] defined, the >menu is not shown
>and the connection is direct started. (can be usefull for >scripting)
- Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Correct, [DIRECT] use second host entry but only allow 1 host entry---> never worked ( only in debug on my PC)
Corrected and updated...
Menu is now shown for 2 sec, before the [DIRECT] is made
I used your config for testing....
Sorry for the viewer connections, realised to late that i actual was doing a connection
Your config is missing blank lines, not used items require an empty line
[TEXTTOP]
[TEXTMIDDLE]
----> Use [TEXTMIDDLE] is text for place [TEXTTOP]
-------------------
[TITLE]
[HOST]
1) info
2) command line
[TEXTTOP]
<<<<<-----blank line needed if you want "texttop" empty
[TEXTMIDDLE]
[TEXTBOTTOM]
[TEXTRBOTTOM]
[TEXTRMIDDLE]
[TEXTRTOP]
[TEXTBUTTON]
[WEBPAGE]
[TEXTCLOSEBUTTON]
[BALLOON1TITLE] <<<<<-If this does not exist, no balloon1
[BALLOON1A]
[BALLOON1B]
[BALLOON1C]
[BALLOON2TITLE]<<<<<-If this does not exist, no balloon2
[BALLOON2A]
[BALLOON2B]
[BALLOON2C]
[DIRECT]
------------------------------------------------
Corrected and updated...
Menu is now shown for 2 sec, before the [DIRECT] is made
I used your config for testing....
Sorry for the viewer connections, realised to late that i actual was doing a connection
Your config is missing blank lines, not used items require an empty line
[TEXTTOP]
[TEXTMIDDLE]
----> Use [TEXTMIDDLE] is text for place [TEXTTOP]
-------------------
[TITLE]
[HOST]
1) info
2) command line
[TEXTTOP]
<<<<<-----blank line needed if you want "texttop" empty
[TEXTMIDDLE]
[TEXTBOTTOM]
[TEXTRBOTTOM]
[TEXTRMIDDLE]
[TEXTRTOP]
[TEXTBUTTON]
[WEBPAGE]
[TEXTCLOSEBUTTON]
[BALLOON1TITLE] <<<<<-If this does not exist, no balloon1
[BALLOON1A]
[BALLOON1B]
[BALLOON1C]
[BALLOON2TITLE]<<<<<-If this does not exist, no balloon2
[BALLOON2A]
[BALLOON2B]
[BALLOON2C]
[DIRECT]
------------------------------------------------