RetGal / Dayon

Dayon! - A cross-platform remote desktop assistance solution for your family and friends
https://retgal.github.io/Dayon/
GNU General Public License v3.0

Just a question #53

Closed thunderstar5000 closed 2 years ago

thunderstar5000 commented 2 years ago

Dear developer,

I only have a question, maybe you can explain it. I am wondering: when I create just a token, how does the assisted computer know where it has to connect to? If I tell him my IP address, that is clear, but somehow the assisted has to know what my IP address is.

As far as I understood, there is a server in the middle, but that should mean that a) this server must exist, and who owns this server? b) the connection is handled by this server c) the IP or name of this server is hardcoded somewhere d) no more server = no more token connection?

Or is some other way used to get the connection? At the moment I am still using the non-token connection by telling the assisted my IP address; this looks more secure to me as it is really end-to-end.

Thanks for any feedback!

Best regards

Hans-J. Ullrich

P.S. Dayon! is running great. I am using it with some friends who have very little knowledge of computers, and I am happy that they can at least handle Dayon!

RetGal commented 2 years ago

Hi Hans-J.

a) Yes, there is a "Rendez-Vous-Server" which issues the access tokens. This server is in fact a rather simple PHP script combined with a SQLite database: https://github.com/RetGal/Dayon/blob/master/ext/index.php
It is currently running on a server hosted by a major company in Switzerland. The hosting fees are sponsored by me ;)

b) The server is just used for exactly two purposes:

See https://github.com/RetGal/Dayon/blob/master/docs/dayon.connection.diagram.svg

Once the connection is established, all the data flows directly between Assistant and Assisted. (TLS encrypted, end-to-end)

c) Yes, its address is currently hardcoded, but it could be added as another optional attribute to the assisted.yaml in a future release. So users/companies could run their own "Rendez-Vous-Server". But on the other hand, Dayon!'s focus should remain "Remote assistance for your family and friends" - hence keeping things as simple as possible while addressing individuals rather than companies.

d) If the server should die, no more tokens would be issued. The fallback using IP address and port number would still work. The idea behind the access token was to simplify the process for the Assisted. It is much easier and less error-prone to enter just four or five characters than an IP(v6) address and a port number ;)

Thank you for your positive feedback!

Regards Reto