Remote Agents via HTTPS
Posted: Tue Mar 19, 2019 5:39 amHi All,
A client of ours wants to have agents connecting remotely to the "normal" agent page, and they have requested that it go over HTTPS so it is secure. However we have a number of concerns and were hoping to get feedback from both developers and the community as to whether this is a good idea. The client considers VPN too difficult to manage.
Firstly while HTTPS encrypts the traffic, the agent interface will obviously be exposed to the internet. Can the interface itself be considered secure? I've worked quite a bit in the code behind the agent page and would be very concerned to face it to the internet myself. Obviously all passwords would have to be secure too which might be problematic for agents.
There is also all the JavaScript in the agent page that calls vdc_db_query.php over HTTP and that would send information (including agent passwords) over the internet in cleartext. Has anybody has success in changing this to HTTPS? Is there a performance concern?
There are 6 active web servers in this Vicidial cluster and we are currently using balance to do load balancing between them. Has anybody had any success using balance with both HTTP *and* HTTPS? Or should we then look at something more like nginx?
Most importantly: is this a good idea?
Regards,
Duncan
A client of ours wants to have agents connecting remotely to the "normal" agent page, and they have requested that it go over HTTPS so it is secure. However we have a number of concerns and were hoping to get feedback from both developers and the community as to whether this is a good idea. The client considers VPN too difficult to manage.
Firstly while HTTPS encrypts the traffic, the agent interface will obviously be exposed to the internet. Can the interface itself be considered secure? I've worked quite a bit in the code behind the agent page and would be very concerned to face it to the internet myself. Obviously all passwords would have to be secure too which might be problematic for agents.
There is also all the JavaScript in the agent page that calls vdc_db_query.php over HTTP and that would send information (including agent passwords) over the internet in cleartext. Has anybody has success in changing this to HTTPS? Is there a performance concern?
There are 6 active web servers in this Vicidial cluster and we are currently using balance to do load balancing between them. Has anybody had any success using balance with both HTTP *and* HTTPS? Or should we then look at something more like nginx?
Most importantly: is this a good idea?
Regards,
Duncan
