cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anshul Gangwar <anshul.gang...@accelerite.com>
Subject Re: hidden configuration items
Date Mon, 09 May 2016 04:55:53 GMT
I didn’t get  how will you use that info to connect? 

There are three connections involved in showing console to user. 

ms ——authenticate—> CPVM ——for VNC console—>Hypervisor
					^
					| gets images from CPVM
		 		web  browser

Which of the above components you want to keep and which to remove?

Also you can look into other implementations of Console proxy which are rarely used to get
more info.

Regards,
Anshul



> On 07-May-2016, at 11:39 AM, Nathan Johnson <njohnson@ena.com> wrote:
> 
> If you hit the /client/console endpoint with a vmid, it sends you back some  
> data that contains a link to a the console proxy VM and passes an encrypted  
> json payload that has the user, password and port for a vnc connection.   
> Normally this is meant to load in an iframe.  We want to decrypt this  
> response to direct a VNC client to the appropriate host / port / user /  
> pass and bypass use of the console proxy VM.  The key and iv appear to be  
> stored in the configuration table under the names security.encryption.key  
> and security.encryption.iv, but as they are hidden we cannot get these  
> credentials via the listConfigurations endpoint as-is.  So my question is:
> 
> What would be the most appropriate way to open up the possibility of  
> showing “hidden” configuration items via this API to our middleware?  Some  
> sort of entry in a config file somewhere?  An entry in the configuration  
> table itself?  Or is there some other way to get this information I’m  
> looking for?
> 
> Thanks in advance.
> 
> Nathan




DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite,
a Persistent Systems business. It is intended only for the use of the individual or entity
to which it is addressed. If you are not the intended recipient, you are not authorized to
read, retain, copy, print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent
Systems business does not accept any liability for virus infected mails.
Mime
View raw message