OSCommerce Product Manager for Windows
FS#70 - PLink refuses connection to unknown hosts.
Attached to Project:
OSCommerce Product Manager
Opened by Mario A. Valdez-Ramirez (mvaldez) - Saturday, 21 August 2004, 14:58 GMT
Last edited by Mario A. Valdez-Ramirez (mvaldez) - Saturday, 27 August 2005, 03:01 GMT
Opened by Mario A. Valdez-Ramirez (mvaldez) - Saturday, 21 August 2004, 14:58 GMT
Last edited by Mario A. Valdez-Ramirez (mvaldez) - Saturday, 27 August 2005, 03:01 GMT
|
DetailsPLink, as all programs in the puTTY suit, refuses to connect to unknown hosts unless the user confirms the connection (at least for the first time). This is a security measure against a man-in-the-middle attack or spoofing attacks.
Currently, from within the OSCPMWin application, the only chance for the user to confirm the connection the first time is when using the "Check SSH connection" in the configuration dialog. Should we automate this step so the application accepts by default any connection? If we do, the responsability of avoiding the mentionen attacks is on us. If we don't, the user will stay with the "Check SSH" button. Second option is ugly but it works. First option would allow us to intercept the queries of PLink and we can pass them to the user in a GUI-friendly fashion. Pending to check options. |
This task depends upon
Kind of incongruent, but logistical/technical difficulty is too high and there are more urgents fixes to do. Maybe later we can raise the Priority.
This bug is a duplicate.
The following bug addresses the same issue: #69, #70 and #194. The #194 is closed as fixed.
Closing this one.