Configuring the UI client to securely access a remote application

Requires Pliant release 108 or later.

Why use enhanced security?

If you do not need enhanced security, you do not need to configure anything.
For example, to access the Pliant web site, click the 'URL' button or icon in the right window of the UI client, then type in:
tcp://www.fullpliant.org/
and press the 'go' button.

Pliant enhanced security brings you:

   •   You can be more confident that what you access is the server you expect, and not a machine that pretends to be it (phishing) in order to capture information about you.

   •   The server can be more confident that it is you and not somebody who stole your password, either by watching you type it in or by spying on the network traffic.

   •   A machine in the middle that records the traffic will hardly be able to extract any information from it, and will hardly be able to corrupt it.

What needs to be done to provide enhanced security?

For the specialists: to achieve this extra level of security, Pliant relies on the well-known RSA key pair mechanism to exchange a shared key, then RC4 channel ciphering with an extended seed and MD5 checksumming of the ciphered packets.

This means that:

   •   Your machine must know the public key of the site you plan to securely access.

   •   The server running the site must know the public key of your user account.

Moreover, since copying files using Pliant UI clipboard requires each machine to securely connect to the other:

   •   Your machine must know the public key of the server running the site you plan to securely access.

   •   The server running the site must know the public key of the machine running the UI (your machine).

Preparing the server

You need to prepare the server by creating a user account that will receive the public key of the user, and a host account that will receive the public key of the machine running the Pliant UI for the user.

First select a temporary clear-text password. Here, it will be 'foo'.

To prepare the user account, from the main FullPliant menu, use 'Dashboard' 'Accounts' 'Users', create the new user record and fill in its public key with 'pass foo'.

To prepare the host account, from the main FullPliant menu, use 'Dashboard' 'Accounts' 'Hosts', create the new machine record and fill in its public key with 'pass foo'.

Of course, the user ID, host name and temporary password you selected must match the ones the user will use to configure his machine.

Configuring the client

From the main FullPliant menu, use 'Dashboard' 'Once'

In our sample, 'Keys exchange password' will be 'foo'

If you fill it in, 'Remote administration user' will furthermore create a user account on your machine, with administration rights, that can be used to access and remotely configure or upgrade your machine. The administrator can see everything on your machine as soon as the 'UI server' service is running on it.

When you have filled in the form, 'See current situation' lets you check the situation and provides a report, without changing anything.
'Generate and exchange keys' will try to upgrade the configuration and provide a report.
When all the reports are green, the configuration should be OK: go back to the FullPliant home page, then follow the link to test secured access to the application.

Please also note that the public keys are exchanged through an unprotected TCP connection, so they could be changed by a machine in the middle that modifies the packets. The simple password (here 'foo') protection is not enough to prevent this. As a result, it is recommended to check, for example over the phone or through validation provided on paper, that the public keys received on both sides are correct.
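
One way to carry out the phone or paper check recommended above, as an added example that is not part of the Pliant documentation or code base: each side hashes the public key text it holds and the two short fingerprints are compared by voice or on paper. The SHA-256 fingerprint, the function names and the sample key strings are assumptions of this example; the keys are treated as opaque text and Pliant's own key format is not assumed.

```python
import hashlib
import hmac

# Constructed sample values: not real Pliant keys and not Pliant's key format.
KEY_AS_SHOWN_ON_SERVER = "constructed-sample-public-key 0123456789abcdef"
KEY_RECEIVED_INTACT = "constructed-sample-public-key\n   0123456789abcdef\n"
KEY_RECEIVED_TAMPERED = "constructed-sample-public-key 0123456789abcdee"


def normalize_key(key_text: str) -> bytes:
    """Collapse whitespace runs so line wrapping does not change the digest."""
    return " ".join(key_text.split()).encode("utf-8")


def fingerprint(key_text: str, groups: int = 8) -> str:
    """First `groups` blocks of 4 hex digits of SHA-256, easy to read aloud."""
    digest = hashlib.sha256(normalize_key(key_text)).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, groups * 4, 4))


def _canon(fp: str) -> bytes:
    """Ignore spacing and letter case in a fingerprint typed in by a person."""
    return "".join(fp.split()).lower().encode("utf-8")


def key_matches(received_key: str, fingerprint_from_peer: str) -> bool:
    """True if the key we received hashes to the fingerprint the peer read out."""
    ours = _canon(fingerprint(received_key))
    return hmac.compare_digest(ours, _canon(fingerprint_from_peer))


if __name__ == "__main__":
    spoken = fingerprint(KEY_AS_SHOWN_ON_SERVER)  # read out by the server admin
    print("fingerprint to read over the phone:", spoken)
    print("intact key accepted:  ", key_matches(KEY_RECEIVED_INTACT, spoken))
    print("tampered key accepted:", key_matches(KEY_RECEIVED_TAMPERED, spoken))
```

The check has to be done in both directions: the client verifies the server and site keys it received, and the server administrator verifies the user and host keys received from the client.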