  1. VCL
  2. VCL-753

Improve user connection checking and how firewall is locked down




      The backend code which detects when a user is logged in and secures the firewall currently relies on the reservation.IPaddress column. This does not work correctly under some conditions if the IP address from which the user connects to the website differs from the IP address used to connect to the remote computer – such as when a user connects to either the website or remote computer through a proxy.

      The backend code can be improved to temporarily open the firewall to any IP address when the request is in the reserved state or when the user clicks the Connect button from a different IP address. Once a connection is detected, the actual remote IP is retrieved from the OS and the firewall is locked down appropriately.

      This is a fairly complicated change and several things need to be changed in order for everything to work correctly.

      Database changes:

      Add changelog.reservationid column
      The changelog table will be used to record every IP address detected throughout a reservation. This table does not currently have a reservation ID column and there is no way to determine which reservation a changelog entry refers to – only which request. This is needed for cluster requests in order to track which remote IP address was detected on which computer. The changelog.reservationid and changelog.remoteIP columns will have a unique key added in order to prevent an excessive number of rows from being added since a row would be added by every 'inuse' check.

      Add changelog.userid column
      This is needed for server/shared requests. If a user clicks the Connect button and another user is already connected, the backend code will quickly detect the connection from the existing user and lock the firewall down to that user before the user who recently clicked Connect can connect. A changelog.userid column will allow the backend to loop until a connection from a particular user is detected.

      Web front end changes:
      Whenever a user clicks Connect, add a changelog entry with the remoteIP and userid set. The changelog.reservationid column should be null due to cluster requests. Clicking Connect for a cluster request applies to all reservations in the cluster.

      Backend changes:
      Rework much of inuse.pm. Modify the OS module connection method and firewall subroutines as necessary.

      Whenever a connection is detected, add a row to changelog including the reservationid. If a row already exists with the same reservationid/remoteIP values, update the timestamp.
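
The changelog behaviour described above, as an added example that is not VCL's own code (the backend is Perl): Python's sqlite3 stands in for the database. Only reservationid, userid and remoteIP are named in this issue; the table layout, the requestid and timestamp columns and all function names are assumptions.

```python
import sqlite3

# Constructed, simplified changelog table. Only reservationid, userid and
# remoteIP are named in the issue; requestid and timestamp are assumptions.
SCHEMA = """
CREATE TABLE changelog (
    id            INTEGER PRIMARY KEY,
    requestid     INTEGER NOT NULL,
    reservationid INTEGER,           -- NULL on rows written by the web front end
    userid        INTEGER NOT NULL,
    remoteIP      TEXT NOT NULL,
    timestamp     INTEGER NOT NULL,
    UNIQUE (reservationid, remoteIP)
)"""
INSERT = ("INSERT INTO changelog (requestid, reservationid, userid, remoteIP, timestamp) "
          "VALUES (?, ?, ?, ?, ?)")

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def record_connect_click(db, requestid, userid, ip, now):
    """Front end: Connect was clicked; the row covers every reservation in the request."""
    db.execute(INSERT, (requestid, None, userid, ip, now))

def record_detected_connection(db, requestid, reservationid, userid, ip, now):
    """Backend 'inuse' check: one row per reservation/IP, later checks refresh the timestamp."""
    db.execute(INSERT + " ON CONFLICT (reservationid, remoteIP)"
               " DO UPDATE SET timestamp = excluded.timestamp",
               (requestid, reservationid, userid, ip, now))

def detected_ip(db, requestid, reservationid, userid):
    """IP seen for this user since their last Connect click, else None (keep waiting)."""
    clicked = db.execute("SELECT MAX(timestamp) FROM changelog WHERE requestid = ? "
                         "AND userid = ? AND reservationid IS NULL",
                         (requestid, userid)).fetchone()[0]
    row = db.execute("SELECT remoteIP FROM changelog WHERE reservationid = ? AND userid = ? "
                     "AND timestamp >= ? ORDER BY timestamp DESC LIMIT 1",
                     (reservationid, userid, clicked or 0)).fetchone()
    return row[0] if row else None

def count_rows(db, reservationid):
    """Rows for one reservation; pass None to count the front-end (NULL) rows."""
    return db.execute("SELECT COUNT(*) FROM changelog WHERE reservationid IS ?",
                      (reservationid,)).fetchone()[0]
```

NULLs are distinct in a unique key (in SQLite and MySQL alike), so the (reservationid, remoteIP) key bounds only the rows written by the backend; front-end rows with a null reservationid are not deduplicated by it.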




            Unassigned Unassigned
            arkurth Andrew Kurth