-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(dgw): smaller token reuse interval for RDP sessions
With this change, we do not allow reuse for RDP sessions more than a few seconds following the previous use. The interval is 10 seconds which is expected to give plenty of time to RDP handshake and negotiations. Once this interval is exceeded, we consider the RDP session is fully started and the same token can't be reused anymore. Two reasons why this is beneficial: - Security wise: the reuse interval is considerably shortened - Feature wise: more efficient forced RDP session termination Regarding the second point: Windows’ mstsc will keep alive the session by re-opening it immediately. Because we allow token reuse in a limited fashion for RDP, as long as the association token is not expired, the terminate action has effectively no visible effect (besides that multiple sessions occurred). Reducing the reuse interval greatly improves the situation.
- Loading branch information
Showing
1 changed file
with
33 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters