Hide password on vnc_lite page
365 views
Skip to first unread message
Valentin M
Mar 10, 2021, 10:00:26 AM3/10/21
to noVNC
Hello,
I would like to know if there is a way to hide the password entered by a user when he tries to connect from vnc_lite?
From my search, it's unfortunately impossible to hide the text input from a JS prompt.
By reading the noVNC code, I've observed 3 ways to connect:
- Through the URL parameters --> Password is subject to eavesdropping,
- Through the password form --> But is only a feature of vnc.html,
- And Through the JS prompt --> Password also subject to eavesdropping.
I want to use vnc_lite because from what I read, it's the only responsive screen provided by noVNC.
Is there a more secure way to ask for a password on vnc_lite?
Have a nice day,
Valentin M.
Samuel Mannehed
Mar 12, 2021, 5:01:52 AM3/12/21
to toutou...@gmail.com, noVNC
Hi Valentin,
> The big problem that I encounter with vnc.html is the non-responsive
> screen view.
>
> I've been using vnc_lite.html to get an easier way to handle
> responsive design, because it's already provided & automatic on this
> page.
>
> Do you know if there is a way to provide a responsive screen view
> with vnc.html ?
I'm not sure what you mean with responsive? Is it laggy and slow?
> Finally, I've found out how to rescale the screen properly --> By
> using the resize option and set it to scale. Or to pass the GET
> parameter "scale=scale".
>
> It seems like I might be able to fix all my problems now. 😁
Is this related to your first answer regarding "responsive" in the
sense of "responsive design" that adapts to different screen sizes?
Good to hear that you found the resize option and that you get things
sorted. Just out of curiosity, are there still things with
vnc_lite.html that makes you prefer that over vnc.html?
Best regards,
--
Samuel Mannehed Software Development
Cendio AB https://cendio.com
Teknikringen 8 https://twitter.com/ThinLinc
583 30 Linköping https://facebook.com/ThinLinc
Phone: +46 13 214 600
> The big problem that I encounter with vnc.html is the non-responsive
> screen view.
>
> I've been using vnc_lite.html to get an easier way to handle
> responsive design, because it's already provided & automatic on this
> page.
>
> Do you know if there is a way to provide a responsive screen view
> with vnc.html ?
I'm not sure what you mean with responsive? Is it laggy and slow?
> Finally, I've found out how to rescale the screen properly --> By
> using the resize option and set it to scale. Or to pass the GET
> parameter "scale=scale".
>
> It seems like I might be able to fix all my problems now. 😁
Is this related to your first answer regarding "responsive" in the
sense of "responsive design" that adapts to different screen sizes?
Good to hear that you found the resize option and that you get things
sorted. Just out of curiosity, are there still things with
vnc_lite.html that makes you prefer that over vnc.html?
Best regards,
--
Samuel Mannehed Software Development
Cendio AB https://cendio.com
Teknikringen 8 https://twitter.com/ThinLinc
583 30 Linköping https://facebook.com/ThinLinc
Phone: +46 13 214 600
Samuel Mannehed
Mar 12, 2021, 12:31:37 PM3/12/21
to Valentin Magnan, no...@googlegroups.com
Hi,
> Yes exactly I meant responsive web design, to adapt the screensize.
> And the parameter to set is not scale=scale as I said but
> resize=scale(makes more sense).
Thanks for clarifying.
> Not really, I will use vnc.html now, there are plenty of features on
> this page that I can disable as I need.
Good to hear!
> Yes exactly I meant responsive web design, to adapt the screensize.
> And the parameter to set is not scale=scale as I said but
> resize=scale(makes more sense).
Thanks for clarifying.
> Not really, I will use vnc.html now, there are plenty of features on
> this page that I can disable as I need.
Good to hear!
Samuel Mannehed
Mar 13, 2021, 2:51:06 PM3/13/21
to Valentin M, no...@googlegroups.com
Hi Valentin,
> I would like to know if there is a way to hide the password entered
> by a user when he try to connect from vnc_lite.html ?
> Through the url parameters --> Password is subject to eavedropping,
You're correct that a window.prompt() isn't proper for password input
in a production environment.
> I really want to use vnc_lite because from what I read, it's the only
> Is there a more secure way to ask for a password on vnc_lite.html ?
vnc_lite.html is just a simple example used to demonstrate how little
code actually is needed to create a "working" VNC client using our
library. It's not intended to be used as-is in production.
vnc.html is more a complete example which should be ready for use in
most cases.
Similar to how vnc.html does it, the best way is to have a HTML input
element of the type 'password' here. That should be the path forward in
your implementation.
> I would like to know if there is a way to hide the password entered
> From my search, it's unfortunately impossible to hide the text input
> from a JS prompt.
>
> By reading noVNC code, I've observed 3 ways to connect :
> from a JS prompt.
>
> Through the url parameters --> Password is subject to eavedropping,
> Through the password form --> But is only a feature of vnc.html,
> And Through the JS prompt --> Password also subject to eavedropping.
You're correct that a window.prompt() isn't proper for password input
in a production environment.
> I really want to use vnc_lite because from what I read, it's the only
> responsive screen provided by noVNC.
What problems are you running into with vnc.html?
> Is there a more secure way to ask for a password on vnc_lite.html ?
vnc_lite.html is just a simple example used to demonstrate how little
code actually is needed to create a "working" VNC client using our
library. It's not intended to be used as-is in production.
vnc.html is more a complete example which should be ready for use in
most cases.
Similar to how vnc.html does it, the best way is to have a HTML input
element of the type 'password' here. That should be the path forward in
your implementation.
Reply all
Reply to author
Forward
0 new messages