Comment 7 for bug 1409142
Revision history for this message
| Andrew Laski (alaski) wrote Re: Websocket Hijacking Vulnerability in Nova VNC Server | #7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Assuming the user is logged in to the instance on the websocket session, yes it provides total access to the instance.
I'm okay with the patch as written as it would address the issue and if configurability is desired later it can be added in. I would prefer that a ValidationError be raised as opposed to creating a new exception class but that's my only nitpick.