Forums

Shared Secret
Shared Secret

L B, User (Posts: 2)

Feb 04, 2014 9:02:54 am EST

Conrad Sallian wrote:

L B wrote:
Hi,

How is the "shared secret" feature supposed to work? Right now I set it on a host but I can still connect to the host with only the password entered in the viewer machine. Using Internet ID to connect, Windows 8 host, Windows 8.1 viewer.

Any input please?

Hello,

The purpose of shared secret is not to replace authorization. It's for checking the identity of the Host. That is, if you have shared secret enabled on your Host, but don't have it enabled in your Viewer (or rather a specific connection on your Viewer), you'll still be able to connect. But not the other way around - that is, if you have a shared secret field populated in your connection properties on the Viewer, but the Host has an empty field (or a different shared secret for that matter), you won't be able to connect.

So the identity check starts at the Viewer side. If the shared secret field in the connection properties in the Viewer is disabled, then no identity check takes place at all, regardless of the Host's shared secret field value. Because the program rightfully suggests that if you didn't enter anything in the connection properties shared secret field, you do not need identity check, and hence there's no reason for not allowing remote connection. But IF there is at least any value in the shared secret field in the connection properties in the Viewer, then the program MUST check it against Host's shared secret value.

Thanks for replay.

To me this feels it should be the other way instead. Why would I need to check identity of the Host, I already connect to it with an IP or ID so I don't see the benefits of it (but I might miss something here).

Instead if the Host would require the Viewer to know the shared secret, it would add an extra layer of security and I think that is the way what most people would expect it to work in.

What is the recommended setup to make a connection as secure as possible? Is it a long password and only allow certain ip addresses then?

Shared Secret
Shared Secret

L B, User (Posts: 2)

Feb 04, 2014 5:23:49 am EST

Hi,

How is the "shared secret" feature supposed to work? Right now I set it on a host but I can still connect to the host with only the password entered in the viewer machine. Using Internet ID to connect, Windows 8 host, Windows 8.1 viewer.

Any input please?