Support
Authorization

Newsletter

  Settings

A Suggestion

 

Forums list
Topics list
New topics
Search
Rules
Help
Login: 
Register

Pages: 1
  Views: 5686Topic: closed: «A Suggestion» on forum: Famatech Software Good Wishes
#1
I would like to suggest that you add a browser interface for the viewer please?

It would nice to be able to go to any PC and use the browser to login to a PC running Radmin without having to install anything. Like in an internet cafe where you can't.

Many remote control packages now use this, so how about it?

Yours Roy
Profile
#2
There's no web interface for RAdmin, since it would be great security hole. Releasing web-based user interface would force endless attacks to your RAdmin Server from the Web and, most importantly, web traffic encryption is much poorer than internal RAdmin encryption, so passwords can be stolen.

That's why you must download RAdmin from our site and install it on your computers in order to use Remote Administrator. Anyway, we are constantly thinking about solution, so it may be developed later.

Best Regards,
Ilia Demenkov, Famatech Support Team (support@famatech.com).
Profile
#3
I do not think it is a great security hole if handled correctly to connect over the web through a web browser.

1. Your client is freely available for download anyway (the licensing is only on the server side..... you can use the client indefinitely and hammer all you want with a script).

2. Other viewers have ActiveX components to allow remote control over the web. For example, terminal services can be accessed over the internet by installing the IIS TSC client on your web server.

3. 128 bit SSL encrytpion should be strong enough (and is pretty much standard) on browsers.

4. You should not fear the average computer user that might try 10 - 30 times through a web interface since he is typing over and over. You should fear the focused and determined individual that might write a script (and this is easily done with your free client executable) that uses a dictionary or brute force method.

So.... having a "web" interface is not a security hole in and of itself. If you think about the design.... this is not too difficult.

1. Install RAdmin Server 3.1 to "system A" to be controlled
2. RAdmin Server 3.1 on "system A" has ActiveX RAdmin 3.1 Client that can be accessed and downloaded with proper credentials
3. ActiveX control sent from "system A" to "system B" is installed on "system B"
4. "System B" controls "system A" with your special RAdmin 3.1 ActiveX client (providing encrypted and proper credentials of course)

There are obviously issues like, the person has to have administrative access to install the ActiveX control. But to state that simply having web access to connect is a giant security hole seems a stretch to me.

My $0.02
#4
The problem with having to use it in internet cafes, libraries etc, is that you can't install anything as they don't let you have the admin rights.

At present as an alternative to Radmin (which btw I have been using since v1 in it's very early days) I use <a href="http://www.3amlabs.com/>Remotely Anywhere</a> as a backup.

I would just prefer to use Radmin for it all as it is a great program smile:-)

Yours Roy
Profile
#5
>1. Your client is freely available for
>download anyway (the licensing is only on
>the server side

You are terribly mistaken. RAdmin Client is not free. The licensing is both for server AND client.

And you missed the most important part of my explanation:

web traffic encryption is much poorer than internal RAdmin encryption.

>2. Other viewers have ActiveX components
>to allow remote control over the web.

We should we be as much vulnerable as our rivals? We don't care how buggy they are.

>For example, terminal services can be accessed

RAdmin is not a terminal service, it's a remote contol tool. Don't mix this 2 software classes.

>128 bit SSL encrytpion should be strong enough

Believe me, web traffic encryption is much poorer than internal RAdmin encryption.

>(and this is easily done with your free client executable)

Our client is not free.

>that uses a dictionary or brute force method.

The possibility of brute-forcing RAdmin Server was already discussed many times - see othe topics. It would take centuries, unless simplistic password like "password" or "12345678" is used on the server.

Best Regards,
Ilia Demenkov, Famatech Support Team (support@famatech.com).
Profile
#6
Actually I think you missed the point completely. Your client is not "free" but it is "freely available". Do you really think a hacker who intends to attack radmin servers cares one whit that he's using a pirate key and doesn't have a legal license to use Radmin? The POINT here is that anyone can obtain a copy of the software easily. Simply because it uses port 4899 instead of port 80 makes no difference to the most likely abusers.

And, as has been noted, anything that can be done with a standalone program can be done with an ActiveX or Java web control. You don't have to use SSL encrytption, use your existing code to communicate. In fact I can't imagine how you would do it otherwise.. it's' not like you can use HTML to draw a screen that updates in real time.
Pages: 1

Users browsing this topic
Number of guests: 1, registered members: 0, in total hidden: 0

Radmin 3.5

Windows 8 Compatible

DOWNLOAD

Free for 30 days

BUY NOW

Only $49 per lifetime license
for  50 PCs - $29.8 per remote PC
for 100 PCs - $24.9 per remote PC
for 150 PCs - $23.3 per remote PC
from 200 PCs - $22 per remote PC
Follow us on Twitter
Famatech Corporation Copyright © 1999-2014 Famatech. All rights reserved.