Create actual authentication between the clients and server #1
Comments
As of a5d3b47 clients submit an arbitrary connection key and are queued until they time out or can be bridged with their counterpart client that has a matching connection key. As of now, this process is unencrypted. Going to leave this issue open in order to encrypt the connection keys being sent.
As of 5ae24b3 the connection key must start with the prefix "#!ConnectionKey_" without the quotes. This drops all client connections that don't contain a valid prefix in the connection key message. This process is currently still unencrypted.
Certificate-based authentication is probably a better way to go here...
Currently, the server knows a connection is from a permitted client based on a port-specific "knock" phrase sent upon connection. Adding an actual authentication method to ensure only permitted clients can connect would be more secure.
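
An added example, not code from this project or from anyone in the thread: a Python model of the queue-and-bridge behaviour described in the comments above, showing that the prefix check filters malformed messages but does not establish who is connecting. The `Broker` class, the client ids, the sample key and the 30-second timeout are assumptions made for the illustration; only the prefix string comes from the thread.

```python
import hmac
import time

PREFIX = "#!ConnectionKey_"   # prefix quoted in the issue thread
QUEUE_TIMEOUT = 30.0          # assumed value; the thread does not state the timeout


class Broker:
    """Hypothetical model of the queue-and-bridge step described in the thread."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.waiting = {}  # connection key message -> (client id, time queued)

    def expire(self):
        """Drop queued clients that waited longer than QUEUE_TIMEOUT; return how many."""
        now = self.clock()
        stale = [k for k, (_, t) in self.waiting.items() if now - t > QUEUE_TIMEOUT]
        for key in stale:
            del self.waiting[key]
        return len(stale)

    def submit(self, client_id, message):
        """Return ('dropped' | 'queued' | 'bridged', peer client id or None)."""
        self.expire()
        if not message.startswith(PREFIX):
            return ("dropped", None)  # no valid prefix: connection is dropped
        for key in list(self.waiting):
            # compare_digest avoids leaking key contents through comparison timing
            if hmac.compare_digest(key.encode(), message.encode()):
                peer, _ = self.waiting.pop(key)
                return ("bridged", peer)
        self.waiting[message] = (client_id, self.clock())
        return ("queued", None)


def demo():
    """Constructed run: the submitted key is the only thing the broker checks."""
    now = [0.0]
    broker = Broker(clock=lambda: now[0])
    results = [broker.submit("client-a", PREFIX + "demo-key")]      # waits for its peer
    results.append(broker.submit("unknown", "hello"))               # fails prefix check
    results.append(broker.submit("unknown", PREFIX + "demo-key"))   # bridged to client-a
    results.append(broker.submit("client-b", PREFIX + "demo-key"))  # intended peer now waits
    now[0] = QUEUE_TIMEOUT + 1
    results.append(broker.expire())                                 # client-b times out
    return results
```

In the constructed run the broker bridges whichever connection presents the matching key first, which is the gap the issue asks to close with a real authentication method.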