Comment 78 for bug 1409142
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: Websocket Hijacking Vulnerability in Nova VNC Server (CVE-2015-0259) | #78 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Using the "ssl_only" option sounds good to me, it is documented as 'Disallow non-encrypted connections' and could be used to make sure origin is using an encrypted connections. On the other hand, Tony is right and this may cause surprise...
@Paul if we go with the new option to enforce origin is https for all branch, would it also deter the dns rebinding issue ? And if not, in case we fix it in another patch, would this option be compatible or will it be rewritten to support a whitelist mechanism ? Just making sure we are looking at a long-term solution....