Some idea for SC

Single Click discussions / bugs

Some idea for SC

Postby Rudi De Vos » 2004-12-06 20:04

A)
+I trying to find a way to make it easyer to configure...

What if i add the option to specify a download location for helpdesk.txt instead of embedding it...
Sample: http://mycompanysite/config/helpdesk.txt

Changes can be made on the fly....

Perhaps in a later stage, add a checker....
SC test for the helpdesk.txt and keep retrying every x minutes.
If you want a connection from home, add the helpdesk.txt to your website, SC find file and made connection to specified helpdesk.txt settings. More or less like mail initiated access..

Security ???? Anybody an idea how secure this is ..
Possible as secure as your web account ??
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 5681
Joined: 2004-04-23 10:21

Postby Sergio » 2004-12-06 21:10

Very good idea, Rudi ...
Anyway, let the embeded helpdesk.txt option opened ... maybe you can do something like this: if there is a helpdesk.txt on the current folder, use it, if not download it from the configured site. Just my 2 cents. :)
Sergio
40
40
 
Posts: 103
Joined: 2004-05-22 20:02

Postby Rudi De Vos » 2004-12-06 23:00

Current helpdesk.txt is always needed...
Need top define htt://myhost... somewhere

I only want to be able to overwrite host info
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 5681
Joined: 2004-04-23 10:21

Re: Some idea for SC

Postby pgmoney » 2004-12-07 06:21

If it checked against a list of approved addresses it wouldn't be a bad way to do it. Otherwise, it would be easy access for a semi-inteligent hacker with brute force password cracking tools.


Rudi De Vos wrote:A)
+I trying to find a way to make it easyer to configure...

What if i add the option to specify a download location for helpdesk.txt instead of embedding it...
Sample: http://mycompanysite/config/helpdesk.txt

Changes can be made on the fly....

Perhaps in a later stage, add a checker....
SC test for the helpdesk.txt and keep retrying every x minutes.
If you want a connection from home, add the helpdesk.txt to your website, SC find file and made connection to specified helpdesk.txt settings. More or less like mail initiated access..

Security ???? Anybody an idea how secure this is ..
Possible as secure as your web account ??
User avatar
pgmoney
100
100
 
Posts: 285
Joined: 2004-06-26 22:29

Postby eo » 2004-12-09 12:43

Rudi,

A downloadable config sounds like a great idea! Will you add an option to have a default that will automatically connect without asking the users. Believe it or not, end-users have problems with figuring out what option to double click after the software loads. It would be smoother for them to download and be connected. (maybe a pop-up in the system tray, that says "Support rep is connected")
eo
20
20
 
Posts: 49
Joined: 2004-10-22 01:01

Re: Some idea for SC

Postby lenisham » 2004-12-10 00:32

Rudi De Vos wrote:A)
+I trying to find a way to make it easyer to configure...

What if i add the option to specify a download location for helpdesk.txt instead of embedding it...
Sample: http://mycompanysite/config/helpdesk.txt

Changes can be made on the fly....

Perhaps in a later stage, add a checker....
SC test for the helpdesk.txt and keep retrying every x minutes.
If you want a connection from home, add the helpdesk.txt to your website, SC find file and made connection to specified helpdesk.txt settings. More or less like mail initiated access..

Security ???? Anybody an idea how secure this is ..
Possible as secure as your web account ??


http insecure

https more security, but more overhead and larger filesize.

tftp real small, no security, except you need to know the file location. It is soo small that it is used by some worms to bring in the rest of the worm once a system is infected.

And the real issue... except for DOS attacks is there any real security threat?
lenisham
40
40
 
Posts: 104
Joined: 2004-06-24 07:00

Postby Rudi De Vos » 2004-12-10 00:52

http insure, why ?

1) Server check for a config file, hosted on my webpage ( by some isp)
2) If a want a connection, i upload the config file to my webdirectory, config file contain my current viewer ip
3) Server find file and connect to this viewer.

+The risk is that someone else upload a config file. To do this, he needs to break the isp security.
+The domain name of my isp get hijacket...unlikely

What do i miss ?
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 5681
Joined: 2004-04-23 10:21

Postby lenisham » 2004-12-10 02:37

Rudi De Vos wrote:http insure, why ?

http is cleartext
Rudi De Vos wrote:1) Server check for a config file, hosted on my webpage ( by some isp)
2) If a want a connection, i upload the config file to my webdirectory, config file contain my current viewer ip
3) Server find file and connect to this viewer.

Agreed.
Rudi De Vos wrote:+The risk is that someone else upload a config file. To do this, he needs to break the isp security.

Agreed.
Rudi De Vos wrote:+The domain name of my isp get hijacket...unlikely

What do i miss ?


DNS hijacking is actually quite easy.

IMHO the real question here is how critical is it to protect the text file? Is there anything there that actually needs to be protected?

It would be nice to be able to pull the key file remotly, but then you *do* have a major security issue.
lenisham
40
40
 
Posts: 104
Joined: 2004-06-24 07:00

Postby eo » 2004-12-12 01:58

Rudi,

Am unable to get the [DIRECT] attribute to work,
When testing without DIRECT is provide a menu and connects properly. But with the [DIRECT] an icon shows in the system tray, but nothing happens. Shouldnt it automatically connect to the host designated.

Thanks!

>
>If you add [DIRECT] and only have 1 [HOST] defined, the >menu is not shown
>and the connection is direct started. (can be usefull for >scripting)
eo
20
20
 
Posts: 49
Joined: 2004-10-22 01:01

Postby Rudi De Vos » 2004-12-12 13:13

Correct, [DIRECT] use second host entry but only allow 1 host entry---> never worked ( only in debug on my PC)

Corrected and updated...
Menu is now shown for 2 sec, before the [DIRECT] is made

I used your config for testing....
Sorry for the viewer connections, realised to late that i actual was doing a connection :)

Your config is missing blank lines, not used items require an empty line
[TEXTTOP]
[TEXTMIDDLE]
----> Use [TEXTMIDDLE] is text for place [TEXTTOP]


-------------------
[TITLE]

[HOST]
1) info
2) command line
[TEXTTOP]
<<<<<-----blank line needed if you want "texttop" empty
[TEXTMIDDLE]

[TEXTBOTTOM]

[TEXTRBOTTOM]

[TEXTRMIDDLE]

[TEXTRTOP]

[TEXTBUTTON]

[WEBPAGE]

[TEXTCLOSEBUTTON]

[BALLOON1TITLE] <<<<<-If this does not exist, no balloon1

[BALLOON1A]

[BALLOON1B]

[BALLOON1C]

[BALLOON2TITLE]<<<<<-If this does not exist, no balloon2

[BALLOON2A]

[BALLOON2B]

[BALLOON2C]

[DIRECT]
------------------------------------------------
Rudi De Vos
Admin & Developer
Admin & Developer
 
Posts: 5681
Joined: 2004-04-23 10:21

Postby eo » 2004-12-12 19:15

Rudi,

That worked. Thanks!
eo
20
20
 
Posts: 49
Joined: 2004-10-22 01:01


Return to SC

Who is online

Users browsing this forum: No registered users and 1 guest

cron