#1660 closed defect (wontfix)
client also send a challenge to the server
| Reported by: | Antoine Martin | Owned by: | Antoine Martin |
|---|---|---|---|
| Priority: | major | Milestone: | future |
| Component: | network | Version: | trunk |
| Keywords: | Cc: |
Description
This would not prevent MITM attacks on its own, but could be used to prevent a client from connecting to a malicious server.
Only slight problem is that this requires the server to have access to the password value, which is not always available to the auth module... (ie: allow and pam do not)
So if this is added, this should not be the default.
Attachments (1)
Change History (4)
Changed 3 years ago by
| Attachment: | server-challenge.patch added |
|---|
comment:1 Changed 3 years ago by
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
The patch above is on top of r17173, it isn't too intrusive but seeing that we can't make it the default, I don't think we should apply it.
Version 0, edited 3 years ago
by
(next)
comment:3 Changed 3 days ago by
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1660
Note: See
TracTickets for help on using
tickets.
copyleft 2010 - 2020
implement server challenge support