From oleksandr.shneyder@obviously-nice.de Tue Sep 25 10:47:15 2012 Received: (at 34) by bugs.x2go.org; 25 Sep 2012 08:47:15 +0000 Received: from phoca.obviouslynice.de (85-10-207-20.clients.your-server.de [85.10.207.20]) by ymir (Postfix) with ESMTP id 25C0F5DB15 for <34@bugs.x2go.org>; Tue, 25 Sep 2012 10:47:15 +0200 (CEST) Received: from [192.168.0.108] (188-195-168-12-dynip.superkabel.de [188.195.168.12]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by phoca.obviouslynice.de (Postfix) with ESMTPSA id E0A611A000A; Tue, 25 Sep 2012 10:25:42 +0200 (CEST) Message-ID: <50616F8C.2020600@obviously-nice.de> Date: Tue, 25 Sep 2012 10:47:08 +0200 From: Oleksandr Shneyder User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.6esrpre) Gecko/20120817 Icedove/10.0.6 MIME-Version: 1.0 To: Mike Gabriel CC: glpk xypron , 34@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#34: SSH_OPTIONS_FD References: <505CC771.20300@gmx.de> <505D9F99.10808@gmx.de> <505DA7B4.3030909@informatik.uni-erlangen.de> <505F6DDB.1070304@gmx.de> <5060251D.90202@informatik.uni-erlangen.de> <20120924132602.316510@gmx.net> <50607239.5090308@informatik.uni-erlangen.de> <5060CF1E.20700@gmx.de> <5060EA24.7070600@obviously-nice.de> <20120925030819.309160@gmx.net> <20120925102525.15264n2buhtuy73p@mail.das-netzwerkteam.de> In-Reply-To: <20120925102525.15264n2buhtuy73p@mail.das-netzwerkteam.de> X-Enigmail-Version: 1.4.1 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig55790AC9E41518DBAE07D369" This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig55790AC9E41518DBAE07D369 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Am 25.09.2012 10:25, schrieb Mike Gabriel: > Hi, >=20 > On Di 25 Sep 2012 05:08:19 CEST glpk xypron wrote: >=20 >> I am not aware of proxies being contacted over https. >=20 > Hmmm... this indeed is true... The feature will mostly be an > inside-to-outside connection. Hmmm... To get it clear, would we send > http-proxy authentication strings in cleartext to the proxy server or > would we send the remote X2Go server credentials to the proxy in cleart= ext. only proxy server authentication is in clear text. However, many setups have the same authentication for proxy-users as for system-users. Often such authentication is performed over central LDAP-Server. Sure, it is a fail of system administrator, if he allow such unecrypted authentication over Internet. But I don't even give them a possibility to make such mistake... > Sending proxy auth in cleartext probably is common practice (?). Most > proxy setups do not even need an auth-against-the-proxy. >=20 > This feature clearly needs a good documentation so that we do not false= > security alarms on the mailing lists!!! >=20 > Mike >=20 >=20 Alex --=20 Oleksandr Shneyder Dipl. Informatik X2go Core Developer Team email: oleksandr.shneyder@obviously-nice.de web: www.obviously-nice.de --> X2go - everywhere@home --------------enig55790AC9E41518DBAE07D369 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlBhb5IACgkQxQmEC5b4kTMA9QCfUqUqx9T3bNgTzwwfu6I9JLHa /asAni6/VmWnEPReTfW90c+Pf/mnrpUV =5rhx -----END PGP SIGNATURE----- --------------enig55790AC9E41518DBAE07D369--