Xpra: Ticket #1660: client also send a challenge to the server

This would not prevent MITM attacks on its own, but could be used to prevent a client from connecting to a malicious server.

The only slight problem is that this requires the server to have access to the password value, which is not always available to the auth module... (i.e. allow and pam do not). So if this is added, this should not be the default.
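
A minimal sketch of the server-side challenge described above, as an added example that is not the attached patch or Xpra's own code. The HMAC-SHA256 construction, the `Server` class, `proof`, `client_accepts` and the `required` switch are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional


def proof(password: bytes, role: bytes, nonce: bytes) -> bytes:
    # The role label binds the proof to one direction, so a server proof
    # cannot be reused as a response to a client-side challenge.
    return hmac.new(password, role + b"|" + nonce, hashlib.sha256).digest()


class Server:
    def __init__(self, password: Optional[bytes]):
        # None models an auth module that can check a password but never
        # holds its value (the ticket names "allow" and "pam").
        self.password = password

    def answer(self, client_nonce: bytes) -> Optional[bytes]:
        if self.password is None:
            return None  # cannot prove knowledge of the secret
        return proof(self.password, b"server", client_nonce)


def client_accepts(server: Server, password: bytes, required: bool = False) -> bool:
    """Return True if the client should continue with this server."""
    nonce = os.urandom(32)  # fresh per connection, so old replies are useless
    reply = server.answer(nonce)
    if reply is None:
        # Not the default: a server that declines is rejected only on opt-in.
        return not required
    expected = proof(password, b"server", nonce)
    return hmac.compare_digest(reply, expected)  # constant-time comparison


def demo() -> dict:
    pw = b"constructed-sample-password"  # constructed sample value
    return {
        "genuine": client_accepts(Server(pw), pw, required=True),
        "impostor": client_accepts(Server(b"guess"), pw, required=True),
        "pam_required": client_accepts(Server(None), pw, required=True),
        "pam_default": client_accepts(Server(None), pw),
    }


if __name__ == "__main__":
    print(demo())
```

With `required` left off, a server that declines the challenge is still accepted, so the check only protects clients that opt in.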



Sat, 14 Oct 2017 07:51:05 GMT - Antoine Martin: attachment set

implement server challenge support


Sat, 14 Oct 2017 07:52:34 GMT - Antoine Martin: status changed; resolution set

The patch above is on top of r17173. It isn't too intrusive, but seeing that we can't make it the default, I don't think we should apply it.

Could be useful for something like #1022


Sat, 17 Feb 2018 14:01:02 GMT - Antoine Martin:

Better solution: #1771


Sat, 23 Jan 2021 05:30:22 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1660