UVNC Security & JAVA

Postby xytsrm » 2010-06-13 02:13

I noticed that if I install a security DSM plugin, for secure comm between the client and server, the JAVA browser access does not connect. I understand that the browser interface would not be secure, but I would have thought that since the JAVA interface utilizes a separate port (5800), it would continue to function as normal, bypassing the secure DSM? Any comments would be appreciated.

X.
xytsrm
Posts: 21
Joined: 2008-10-10 13:42

Re: UVNC Security & JAVA

Postby B » 2010-06-14 14:11

Remember, the ONLY thing that passes over port 5800 (as far as I understand) is the transmission of the Java executable code from the server to the client's browser. All other VNC operations (remote control, etc.) STILL take place over, and require, port 5900.

On top of that, I don't think the Java viewer even supports DSM plugins?
B
Super-Mod
Posts: 2347
Joined: 2009-09-09 14:05

Re: UVNC Security & JAVA

Postby xytsrm » 2010-06-14 23:18

B,

Thanks for the reply. I really don't understand the UVNC architecture; I would have thought that the two ports would have been treated independently, allowing the JAVA access to continue unimpeded by the insertion of a DSM, as you noted JAVA does not support DSMs.

X.

P.S. The reason I posted twice was in an effort to advertise the question to forums of diverse expertise.
xytsrm
Posts: 21
Joined: 2008-10-10 13:42

Re: UVNC Security & JAVA

Postby B » 2010-06-14 23:27

How it works, more or less:

A user browses to http://yourmachine:5800

Your machine delivers a java applet to the user. Port 5800 then goes completely out of the picture.

The java applet running on the user's machine then starts a normal VNC viewing session to yourmachine::5900. (Normal except that it does not have all the native vncviewer capabilities.)

That's just the way it works as far as I understand.

All in all I've always thought it rather inelegant to require an additional open port just to deliver the applet, but VNC was doing this years and years ago, before most commercial services.
Last edited by B on 2010-06-14 23:27, edited 1 time in total.
B
Super-Mod
Posts: 2347
Joined: 2009-09-09 14:05

Re: UVNC Security & JAVA

Postby xytsrm » 2010-06-15 03:42

B.

Thanks again for the reply. This may explain an anomaly I was having when port forwarding on my router. Every time I set up port forwarding (i.e. 5858 > 5800 & 5959 > 5900) the JAVA app would connect to the target machine, but fail to display the login. However, while the Chrome browser would also fail to display the login, it had an error message, something to the effect "failed to connect to port 5900". That always puzzled me as I thought the applet was connecting through 5800. Now, at least that error makes sense. I could only get port forwarding to work if I left it one-to-one (5800 > 5800 & 5900 > 5900).

X.
xytsrm
Posts: 21
Joined: 2008-10-10 13:42

Re: UVNC Security & JAVA

Postby B » 2010-06-15 13:47

Uh, not sure why you're flipping/redirecting ports like that -- the port the local IP address is listening on is irrelevant to what's going on outside, so usually I'll just make them match for convenience.

The only reason you'd do "5959 > 5900" is if you like connecting locally without having to enter the port number. (I do find this technique very useful with terminal services though -- it's a bitch changing the listening port for that.)

Don't get me wrong -- I'm all for using obscure ports instead of the defaults. I just think it's more straightforward to change the listening port at the WinVNC server side itself, and have the router forward port 5959 to 5959 (in your example).
B
Super-Mod
Posts: 2347
Joined: 2009-09-09 14:05

Re: UVNC Security & JAVA

Postby xytsrm » 2010-06-15 13:56

B.

Yeah. I know about changing the listening port on UVNC, I just thought that it would be easier to obscure the port to the external world without touching UVNC by utilizing the port forwarding. Still don't understand why it doesn't work.

X.
xytsrm
Posts: 21
Joined: 2008-10-10 13:42

Re: UVNC Security & JAVA

Postby B » 2010-06-15 14:04

Yeah, actually that does explain it -- I think the Javaviewer picks up its target port from the settings in the WinVNC installation. As far as your WinVNC (server) is aware, it's listening for VNC connections on port 5900, period. So when its Javaviewer (sent by that WinVNC server to the end user's browser) launches, that's the only port it tries to connect to.

So, if you change the listening port settings in WinVNC, its Javaviewer should inherit the correct obscure port....
B
Super-Mod
Posts: 2347
Joined: 2009-09-09 14:05
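
The port behaviour described in the post above, as an added example that is not part of the original thread and is not UltraVNC's own code: it reads the port embedded in the applet page and checks it against a router's forwarding table, covering the mappings discussed in the thread. The applet page layout, the `PORT` parameter name and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample of the page served on the HTTP port (5800).
# The tag layout and the PORT parameter name are assumptions.
SAMPLE_PAGE = """<HTML><BODY>
<APPLET CODE=VncViewer.class ARCHIVE=VncViewer.jar WIDTH=800 HEIGHT=632>
<PARAM NAME=PORT VALUE={port}>
</APPLET></BODY></HTML>"""


class AppletPortParser(HTMLParser):
    """Collects the PORT <param> the applet uses for its VNC session."""

    def __init__(self):
        super().__init__()
        self.port = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): v for k, v in attrs}
        if tag == "param" and (a.get("name") or "").lower() == "port":
            self.port = int(a["value"])


def advertised_port(page_html):
    """Return the VNC port written into the applet page, or None."""
    parser = AppletPortParser()
    parser.feed(page_html)
    return parser.port


def check_forwarding(page_html, forwards):
    """forwards maps external router port -> internal server port.

    The server writes its own listening port into the page, so the
    applet dials that same number on the router's external side.
    Returns (ok, reason).
    """
    port = advertised_port(page_html)
    if port is None:
        return False, "no PORT parameter in applet page"
    if port not in forwards:
        return False, f"applet dials {port}, which the router does not forward"
    if forwards[port] != port:
        return False, f"external {port} goes to {forwards[port]}, not the VNC listener"
    return True, f"applet dials {port}, forwarded to listener on {port}"
```

With the server listening on 5900, the 5858 > 5800 & 5959 > 5900 mapping fails the check and the one-to-one mapping passes; with the listener moved to 5959 and 5959 > 5959 forwarded, it passes as well.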

Re: UVNC Security & JAVA

Postby xytsrm » 2010-06-15 17:00

B.

Are you saying that the JAVA viewer is actually being uploaded from the WinVNC server to the remote browser? If that's the case then I can definitely see why simply changing the port forwarding won't work; as you said the viewer would get its port assignment from WinVNC.

X.
xytsrm
Posts: 21
Joined: 2008-10-10 13:42

Re: UVNC Security & JAVA

Postby B » 2010-06-15 19:26

xytsrm wrote:
B.

Are you saying that the JAVA viewer is actually being uploaded from the WinVNC server to the remote browser?


Yes, that's exactly what I'm saying. Look back at my first response to you above.

"Remember, the ONLY thing that passes over port 5800 (as far as I understand) is the transmission of the Java executable code from the server to the client's browser."
B
Super-Mod
Posts: 2347
Joined: 2009-09-09 14:05

Re: UVNC Security & JAVA

Postby xytsrm » 2010-06-16 00:09

B.

This discussion has been a truly enlightening experience. I can't tell you how much I appreciate the information you provided.

X.
xytsrm
Posts: 21
Joined: 2008-10-10 13:42

Re: UVNC Security & JAVA

Postby B » 2010-06-16 14:58

Cool! :)

Best of luck.
B
Super-Mod
Posts: 2347
Joined: 2009-09-09 14:05

