| Subject | AW: [firebird-support] Terminal Server |
|---|---|
| Author | Steffen Heil |
| Post date | 2004-08-05T21:03:18Z |
Hi
No. Every terminal server session has it's own processes. So there should
are at least as many sessions as clients connected.
and restrict access to the data where a terminal is in a public area -
independent of who logs in.
You want to do this from an PHP script on the server? There is propably no
way, but THIS IS secure, since you DO NOT WANT your browser to send out any
information about your windows session, right? Browsers do not send the
computers name at all, computer names can be reconstructed by ips though.
The problem is, that every terminal session uses the same host ip.
Actually it is absolutely possible to get an unique connection identifier
and maybe even the clients name (but I believe, that would need some hacks),
but not though the browser and php sessions from the server. I would
consider THIS a security lack.
session software to run server side rather than client and 'enable' other
possible security leaks :)
If you have control over all clients, there might be a way, using a
self-signed ActiveX control to send client information, and you could
register you self-signed cert on that terminal server. Inside that activex
control, you could use terminal services API to get the connection IDs.
Regards,
Steffen
> Main problem is PHP sessions are being shared across all clients, becausethere is actually only one copy of the browser running.
No. Every terminal server session has it's own processes. So there should
are at least as many sessions as clients connected.
> Does anybody know if it is possible to identify the client machine theother side of Terminal Server - as I use it as part of the security checks,
and restrict access to the data where a terminal is in a public area -
independent of who logs in.
You want to do this from an PHP script on the server? There is propably no
way, but THIS IS secure, since you DO NOT WANT your browser to send out any
information about your windows session, right? Browsers do not send the
computers name at all, computer names can be reconstructed by ips though.
The problem is, that every terminal session uses the same host ip.
> I can't believe that this simple security step is not available - orperhaps I can - it is Microsoft.
Actually it is absolutely possible to get an unique connection identifier
and maybe even the clients name (but I believe, that would need some hacks),
but not though the browser and php sessions from the server. I would
consider THIS a security lack.
> So is there any way round it or do I just tell the customer that theycan't have THAT particular security lock ;) I've already got to rebuild the
session software to run server side rather than client and 'enable' other
possible security leaks :)
If you have control over all clients, there might be a way, using a
self-signed ActiveX control to send client information, and you could
register you self-signed cert on that terminal server. Inside that activex
control, you could use terminal services API to get the connection IDs.
Regards,
Steffen