jinql
/
webssh
mirror of https://github.com/huashengdun/webssh
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
507 Commits
4 Branches
44 Tags
1.8 MiB
Commit Graph

13 Commits (b8b15ffe2b5835753b25a1d27050e02ad3b80372)

Author SHA1 Message Date
Sheng 9a7cfe767c Use uuid4 to generate id for Python3.5 Python3.4 Python2.7 2022-11-21 14:32:41 +08:00
Kyle Larose 1b62f379ed
use secrets to generate worker id 
The worker ID right now is typically based off the address of an object
in memory. This could be guessed. While the worker is tied to a
specific IP, there is a chance an off-path attacker could be hosted
behind the same IP as the caller. They could possibly guess the worker
id of an unclaimed session by observing the sequence of IDs presented to
themselves, leading to them gaining access to an already authenticated
SSH session.

Use the python secrets module to generate a cryptographically secure
token to use as the worker ID. This shoud be much harder to guess.
 2022-11-17 15:26:05 -05:00
Sheng 19d816f991 Check if channel is closed first when error occurs on reading or writing 2020-09-16 21:01:53 +08:00
Sheng 5bbf0408ce Updated clear_worker 2019-07-04 21:53:39 +08:00
Sheng 976b00ca85 Added function clear_worker 2019-07-04 21:53:39 +08:00
Sheng 86abf6912d Check worker status before closing worker 2019-07-04 21:53:39 +08:00
Sheng 2653a3e35a Added function for limiting connections for every client(ip) 2018-12-29 16:16:06 +08:00
Sheng 5f3641701e Increase buffer size for channel 2018-09-01 11:00:01 +08:00
Sheng 80bdddc280 Added setting swallow_http_errors 2018-08-28 07:43:43 +08:00
Sheng 105c1f62ee Close handler with reason why worker closed 2018-08-26 20:13:11 +08:00
Sheng 191bb109e0 Fixed a bug that client closes websocket on handling non utf-8 encoded bytes 2018-05-22 19:28:04 +08:00
Sheng 20be29f989 Use warning instead of warn 2018-04-27 08:50:21 +08:00
Sheng 09d5804a09 Prepare to write unit tests 2018-04-22 20:11:36 +08:00