[winswitch] HTML5 authentication

Mukul Agrawal mukulagrawal78 at yahoo.com
Fri Dec 30 19:17:21 GMT 2016


Thanks Antoine!I am just starting to look into this aspect and trying to understand what the risks are. 
I understand that risks are very use case dependent. So please excuse me for vague question. 

Do you think that once I setup TLS transport for the HTML5 client, it will make client reasonably secured against most common security concerns?If I plan to take up a project for myself, would it be super hard to try to integrate the HTML5 client with some sort of single-sign-on using Auth0 or something similar?Do you have any recommendations or thoughts?
 Regards, 
Mukul 
 

    On Thursday, December 29, 2016 8:29 PM, Antoine Martin via shifter-users <shifter-users at lists.devloop.org.uk> wrote:
 

 On 24/12/16 04:47, Mukul Agrawal via shifter-users wrote:
> Do you have some documentation/link that provides some insight on the authentication is being used with HTML5 client?
The (optional) authentication credentials are sent in the http request.
Those are processed by the HTML5 client javascript code.

> Is there any cookie, token or session ID included in communication
with XPRA server?
No.
The HTML5 client only uses a single websocket connection to the server.

> Does the server check for state or session existence on every request?  
There are no HTTP requests after downloading the HTML5 client.

> Does an authenticated session expire?
What "session"? (as per above, there is no HTTP session)
The HTML5 websocket connection to the xpra server does not expire.

Cheers
Antoine

> 
>  Regards, 
> Mukul 
>  
> 
>    On Sunday, December 11, 2016 4:14 AM, Antoine Martin via shifter-users <shifter-users at lists.devloop.org.uk> wrote:
>  
> 
>  On 11/12/16 07:43, Philip Loewen via shifter-users wrote:
>> Thanks for Xpra, excellent software. I use it on both Ubuntu and CentOS.
>> Right now only CentOS is willing to upgrade to version 1.0.
>>
>> I see deb files named xpra_1.0... in
>>  xpra.org/dists/yakkety/main/binary-amd64,
>> but in the corresponding directory for xenial the latest is xpra_17.6.
> Thanks for reminding me, I had forgotten to push those. Done now.
> 
>> Is there some easy way to upgrade Xpra on my xenial systems?
> apt-get update && apt-get upgrade
> Should work this time.
> 
> Cheers
> Antoine
> 
>>
>> Thanks, Philip
>>
>>
>> _______________________________________________
>> shifter-users mailing list
>> shifter-users at lists.devloop.org.uk
>> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
> 
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
> 
> 
>    
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
> 

_______________________________________________
shifter-users mailing list
shifter-users at lists.devloop.org.uk
http://lists.devloop.org.uk/mailman/listinfo/shifter-users


   


More information about the shifter-users mailing list