Open ghost opened 9 years ago
jdppettit
commented
9 years ago This is required as the VNC port listens publicly. Without the password anybody could connect to the console and do whatever they want. Regarding the asterisk bit, I'll toy around and see if I can make that better. DO has a custom scheme that doesn't involve that header, I'll see if maybe I can pass the token behind the scenes to authenticate you.
ghost
commented
9 years ago Oh, I understand; I figured there was a purpose for it. But, maybe like you said; toy around with it to see if that process can be eliminated. If not, it's not too much of a hassle really. I know you guys are just getting this off the ground. Bigger fish to fry.. I'm sure! Thanks for continuing to humor me. Sent from Outlook
On Sun, Mar 8, 2015 at 5:24 PM -0700, "Joe Pettit" notifications@github.com wrote:
This is required as the VNC port listens publicly. Without the password anybody could connect to the console and do whatever they want. Regarding the asterisk bit, I'll toy around and see if I can make that better. DO has a custom scheme that doesn't involve that header, I'll see if maybe I can pass the token behind the scenes to authenticate you.
— Reply to this email directly or view it on GitHub.
Forgive me, I am unsure how NoVNC works, however, is it necessary to require the password to access console? Is it possible that one could access consoles of the servers w/o being logged into the UI? If not, I suspect this is perhaps an extra layer of protection
I also noticed, copying / pasting the password it does not show asterisk, it's empty; but the password is certainly present, as hitting enter, shows the console.