Hello, I am trying to decide the best approach to provide a remote access tunnel to users via my app by either using an iframe or websockets. I'm looking for the most sensible approach in terms of security and integration, with security being the most important.
So far I have set up a page with an iframe for meshcentral using a logintokenkey and it works as long as SameSite is set to 'none' in config.json. From my understanding, using SameSite: none poses an increased security risk. Also, it's a good idea to use 'None; Secure', but the MC service fails to start with "None; Secure" in the SameSite property. Is there a way to add the secure cookie parameter to the SameSite none attribute?
Another option I am considering as an alternative to the iframe is to use websockets. If this is a more sensible approach, am I able to create a tunnel and display the remote screen using this method? Using trace=1 shows the web sockets sent and received to MC, but I can't figure out how the tunnel would be passed to the user and how the sessions are called using the 'msg' actions. Would the websocket just provide me a URL to redirect the user to? Perhaps someone can point me in the right direction.
With that being said, generally speaking, are websockets more secure than an iframe?
Much appreciated.
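An added example, not part of the original post and not MeshCentral code: a small Node.js check that parses `Set-Cookie` headers and reports whether a cookie can work inside a cross-site iframe. It shows that `SameSite` and `Secure` are two separate cookie attributes rather than one combined value. The cookie name `sid` and the sample header lines are constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers for use inside a cross-site iframe.
// SameSite and Secure are two separate attributes, each delimited by ';'.

function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), attrs: {} };
  for (const attr of rest) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive; flags such as Secure have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? '' : attr.slice(i + 1).trim();
  }
  return cookie;
}

function auditForIframe(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite = 'samesite' in attrs ? attrs.samesite.toLowerCase() : null;
  const secure = 'secure' in attrs;
  const findings = [];
  if (sameSite === null) {
    findings.push('NO_SAMESITE'); // browsers that default to Lax will not send it cross-site
  } else if (!['none', 'lax', 'strict'].includes(sameSite)) {
    findings.push('INVALID_SAMESITE'); // unrecognised value
  } else if (sameSite !== 'none') {
    findings.push('NOT_SENT_CROSS_SITE'); // Lax/Strict cookies are withheld in a cross-site iframe
  } else if (!secure) {
    findings.push('NONE_WITHOUT_SECURE'); // SameSite=None requires the Secure attribute
  }
  return { name, sameSite, secure, findings };
}

// Constructed sample headers (not captured from a real server).
const SAMPLES = [
  'sid=abc123; Path=/; HttpOnly; SameSite=None',
  'sid=abc123; Path=/; HttpOnly; Secure; SameSite=None',
  'sid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
  'sid=abc123; Path=/; HttpOnly',
];

for (const h of SAMPLES) {
  const r = auditForIframe(h);
  console.log(h, '=>', r.findings.length ? r.findings.join(',') : 'OK');
}
```

The same functions can be run over the `Set-Cookie` lines copied from the browser's network panel for the page loaded in the iframe.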