diff options
Diffstat (limited to 'classes/ssl/proxy.vnc')
| -rw-r--r-- | classes/ssl/proxy.vnc | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/classes/ssl/proxy.vnc b/classes/ssl/proxy.vnc deleted file mode 100644 index 6d3ab3d..0000000 --- a/classes/ssl/proxy.vnc +++ /dev/null @@ -1,73 +0,0 @@ -<!-- - index.vnc - default HTML page for TightVNC Java viewer applet, to be - used with Xvnc. On any file ending in .vnc, the HTTP server embedded in - Xvnc will substitute the following variables when preceded by a dollar: - USER, DESKTOP, DISPLAY, APPLETWIDTH, APPLETHEIGHT, WIDTH, HEIGHT, PORT, - PARAMS. Use two dollar signs ($$) to get a dollar sign in the generated - HTML page. - - NOTE: the $PARAMS variable is not supported by the standard VNC, so - make sure you have TightVNC on the server side, if you're using this - variable. ---> - -<!-- -The idea behind using the signed applet in SignedVncViewer.jar for -firewall proxies: - -Java socket applets and http proxies do not get along well. - -Java security allows the applet to connect back via a socket to the -originating host, but the browser/plugin Proxy settings are not used for -socket connections (only http and the like). So the socket connection -fails in the proxy environment. - -The applet is not allowed to open a socket connection to the proxy (since -that would let it connect to just about any host, e.g. CONNECT method). - -This is indpendent of SSL but of course fails for that socket connection -as well. I.e. this is a problem for non-SSL VNC Viewers as well. - -Solution? Sign the applet and have the user click on "Yes" that they -fully trust the applet. Then the applet can connect to any host via -sockets, in particular the proxy. It next issues the request - - CONNECT host:port HTTP/1.1 - Host: host:port - -and if the proxy supports the CONNECT method we are finally connected to -the VNC server. - -For SSL connections, SSL is layered on top of this socket. However note -this scheme will work for non-SSL applet proxy tunnelling as well. - -It should be able to get non-SSL VNC connections to work via GET -command but that has not been done yet. - -Note that some proxies only allow CONNECT to only these the ports 443 -(HTTPS) and 563 (SNEWS). So you would have to run the VNC server on -those ports. - -SignedVncViewer.jar is just a signed version of VncViewer.jar - -The URL to use for this file: https://host:port/proxy.vnc - -Note VNCSERVERPORT, we assume $PARAMS will have the correct PORT setting -(e.g. 563), not the one libvncserver puts in.... - ---> - - -<HTML> -<TITLE> -$USER's $DESKTOP desktop ($DISPLAY) -</TITLE> -<APPLET CODE=VncViewer.class ARCHIVE=SignedVncViewer.jar - WIDTH=$APPLETWIDTH HEIGHT=$APPLETHEIGHT> -<param name=VNCSERVERPORT value=$PORT> -<param name="Open New Window" value=yes> -$PARAMS -</APPLET> -<BR> -<A href="http://www.karlrunge.com/x11vnc">x11vnc site</A> -</HTML> |