So we are going to be using remote utilities for a POS based project we are about to launch, however we have noticed that if a user manages to get the IP address for the remote utilities relay server and they know the port, the can directly just connect straight through. Is there anyway to prevent this or put a password on the relay server for when a user wants to connect otherwise this could surely be a security breach?
I read this thread with interest but I don't quite understand the particulars of the problem. I'm putting together some in-house training for a team and would like to know what might change in the next beta.
if a user manages to get the IP address for the remote utilities relay server and they know the port, the can directly just connect straight through.
I'm not sure what this means, what are the steps to reproduce this issue? As far as I can work out it's not possible to connect to any hosts without a host password or a relay logon. I'd like to understand so I can incorporate any procedure changes in my training.
As far as I can work out it's not possible to connect to any hosts without a host password or a relay logon.
The problem that Matthew mentioned is not about authorization or security. It's just that the server can be used as an intermediary by someone who just knows its address and port. That poses no threat to security but it's still a nuisance.
That said, in the upcoming version 188.8.131.52 beta 2 we will implement certain mechanism to protect the server from such use. Again, it's not about any "security breach" or anything like that, it's just that it is possible to "piggyback" on someone else's server should you know its address and port used.