Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Some idea for SC

Single Click discussions / bugs
Post Reply
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6832
Joined: 2004-04-23 10:21
Contact:

Some idea for SC

Post by Rudi De Vos »

A)
+I trying to find a way to make it easyer to configure...

What if i add the option to specify a download location for helpdesk.txt instead of embedding it...
Sample: http://mycompanysite/config/helpdesk.txt

Changes can be made on the fly....

Perhaps in a later stage, add a checker....
SC test for the helpdesk.txt and keep retrying every x minutes.
If you want a connection from home, add the helpdesk.txt to your website, SC find file and made connection to specified helpdesk.txt settings. More or less like mail initiated access..

Security ???? Anybody an idea how secure this is ..
Possible as secure as your web account ??
Sergio
40
40
Posts: 103
Joined: 2004-05-22 20:02
Contact:

Post by Sergio »

Very good idea, Rudi ...
Anyway, let the embeded helpdesk.txt option opened ... maybe you can do something like this: if there is a helpdesk.txt on the current folder, use it, if not download it from the configured site. Just my 2 cents. :)
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6832
Joined: 2004-04-23 10:21
Contact:

Post by Rudi De Vos »

Current helpdesk.txt is always needed...
Need top define htt://myhost... somewhere

I only want to be able to overwrite host info
User avatar
pgmoney
100
100
Posts: 285
Joined: 2004-06-26 22:29
Contact:

Re: Some idea for SC

Post by pgmoney »

If it checked against a list of approved addresses it wouldn't be a bad way to do it. Otherwise, it would be easy access for a semi-inteligent hacker with brute force password cracking tools.

Rudi De Vos wrote:A)
+I trying to find a way to make it easyer to configure...

What if i add the option to specify a download location for helpdesk.txt instead of embedding it...
Sample: http://mycompanysite/config/helpdesk.txt

Changes can be made on the fly....

Perhaps in a later stage, add a checker....
SC test for the helpdesk.txt and keep retrying every x minutes.
If you want a connection from home, add the helpdesk.txt to your website, SC find file and made connection to specified helpdesk.txt settings. More or less like mail initiated access..

Security ???? Anybody an idea how secure this is ..
Possible as secure as your web account ??
eo
20
20
Posts: 49
Joined: 2004-10-22 01:01

Post by eo »

Rudi,

A downloadable config sounds like a great idea! Will you add an option to have a default that will automatically connect without asking the users. Believe it or not, end-users have problems with figuring out what option to double click after the software loads. It would be smoother for them to download and be connected. (maybe a pop-up in the system tray, that says "Support rep is connected")
lenisham
40
40
Posts: 104
Joined: 2004-06-24 07:00

Re: Some idea for SC

Post by lenisham »

Rudi De Vos wrote:A)
+I trying to find a way to make it easyer to configure...

What if i add the option to specify a download location for helpdesk.txt instead of embedding it...
Sample: http://mycompanysite/config/helpdesk.txt

Changes can be made on the fly....

Perhaps in a later stage, add a checker....
SC test for the helpdesk.txt and keep retrying every x minutes.
If you want a connection from home, add the helpdesk.txt to your website, SC find file and made connection to specified helpdesk.txt settings. More or less like mail initiated access..

Security ???? Anybody an idea how secure this is ..
Possible as secure as your web account ??
http insecure

https more security, but more overhead and larger filesize.

tftp real small, no security, except you need to know the file location. It is soo small that it is used by some worms to bring in the rest of the worm once a system is infected.

And the real issue... except for DOS attacks is there any real security threat?
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6832
Joined: 2004-04-23 10:21
Contact:

Post by Rudi De Vos »

http insure, why ?

1) Server check for a config file, hosted on my webpage ( by some isp)
2) If a want a connection, i upload the config file to my webdirectory, config file contain my current viewer ip
3) Server find file and connect to this viewer.

+The risk is that someone else upload a config file. To do this, he needs to break the isp security.
+The domain name of my isp get hijacket...unlikely

What do i miss ?
lenisham
40
40
Posts: 104
Joined: 2004-06-24 07:00

Post by lenisham »

Rudi De Vos wrote:http insure, why ?
http is cleartext
Rudi De Vos wrote:1) Server check for a config file, hosted on my webpage ( by some isp)
2) If a want a connection, i upload the config file to my webdirectory, config file contain my current viewer ip
3) Server find file and connect to this viewer.
Agreed.
Rudi De Vos wrote:+The risk is that someone else upload a config file. To do this, he needs to break the isp security.
Agreed.
Rudi De Vos wrote:+The domain name of my isp get hijacket...unlikely

What do i miss ?
DNS hijacking is actually quite easy.

IMHO the real question here is how critical is it to protect the text file? Is there anything there that actually needs to be protected?

It would be nice to be able to pull the key file remotly, but then you *do* have a major security issue.
eo
20
20
Posts: 49
Joined: 2004-10-22 01:01

Post by eo »

Rudi,

Am unable to get the [DIRECT] attribute to work,
When testing without DIRECT is provide a menu and connects properly. But with the [DIRECT] an icon shows in the system tray, but nothing happens. Shouldnt it automatically connect to the host designated.

Thanks!

>
>If you add [DIRECT] and only have 1 [HOST] defined, the >menu is not shown
>and the connection is direct started. (can be usefull for >scripting)
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6832
Joined: 2004-04-23 10:21
Contact:

Post by Rudi De Vos »

Correct, [DIRECT] use second host entry but only allow 1 host entry---> never worked ( only in debug on my PC)

Corrected and updated...
Menu is now shown for 2 sec, before the [DIRECT] is made

I used your config for testing....
Sorry for the viewer connections, realised to late that i actual was doing a connection :)

Your config is missing blank lines, not used items require an empty line
[TEXTTOP]
[TEXTMIDDLE]
----> Use [TEXTMIDDLE] is text for place [TEXTTOP]


-------------------
[TITLE]

[HOST]
1) info
2) command line
[TEXTTOP]
<<<<<-----blank line needed if you want "texttop" empty
[TEXTMIDDLE]

[TEXTBOTTOM]

[TEXTRBOTTOM]

[TEXTRMIDDLE]

[TEXTRTOP]

[TEXTBUTTON]

[WEBPAGE]

[TEXTCLOSEBUTTON]

[BALLOON1TITLE] <<<<<-If this does not exist, no balloon1

[BALLOON1A]

[BALLOON1B]

[BALLOON1C]

[BALLOON2TITLE]<<<<<-If this does not exist, no balloon2

[BALLOON2A]

[BALLOON2B]

[BALLOON2C]

[DIRECT]
------------------------------------------------
eo
20
20
Posts: 49
Joined: 2004-10-22 01:01

Post by eo »

Rudi,

That worked. Thanks!
Post Reply