Discussion:
Where am I ... Take 2
Lester Caine
2014-07-28 15:34:25 UTC
Permalink
Having now worked out the correct questions to ask, I've now discovered
that the magic value that I need to read via the browser is

HKEY_CURRENT_USER\Volatile Environment\ViewClient_Machine_Name

This will apparently contain the asset number of the machine I need to
identify. It's IP address will not be contained in the browser header
since that is provided via the load sharing from a poll of IP addresses
managed by the VDI system rather than the physical IP address of the
machine.

I believe that I need the customer to run something on the desktop in
order to make the variable available via the browser. It can't be read
direct via javascript?
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Christoph Becker
2014-07-28 16:48:50 UTC
Permalink
Post by Lester Caine
Having now worked out the correct questions to ask, I've now discovered
that the magic value that I need to read via the browser is
HKEY_CURRENT_USER\Volatile Environment\ViewClient_Machine_Name
Um, are you sure that is the correct key? HKEY_CURRENT_*USER* seems
doubtful.
Post by Lester Caine
This will apparently contain the asset number of the machine I need to
identify. It's IP address will not be contained in the browser header
since that is provided via the load sharing from a poll of IP addresses
managed by the VDI system rather than the physical IP address of the
machine.
I believe that I need the customer to run something on the desktop in
order to make the variable available via the browser. It can't be read
direct via javascript?
No, access to the registry is hopefully impossible via browser-side
JavaScript (otherwise that would be a security hole, IMHO).

However, it might not be necessary to "run something" on the desktop; in
the simplest case an appropriate shortcut to "start" the web application
might suffice. If the value of the environment variable COMPUTERNAME
would be okay, it is as simple as:

http://www.example.com/computername=%COMPUTERNAME%

(See
<http://stackoverflow.com/questions/21315708/reading-environment-variables-with-javascript>.)

If you really need to send the value of a registry key, a small batch
script should do the trick.
--
Christoph M. Becker
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Lester Caine
2014-07-28 17:12:52 UTC
Permalink
Post by Christoph Becker
Post by Lester Caine
Having now worked out the correct questions to ask, I've now discovered
that the magic value that I need to read via the browser is
HKEY_CURRENT_USER\Volatile Environment\ViewClient_Machine_Name
Um, are you sure that is the correct key? HKEY_CURRENT_*USER* seems
doubtful.
This is EXACTLY where the information has been hidden ;)
The point is that this is VMWare View ... At least I think that is the
system being used.
Post by Christoph Becker
Post by Lester Caine
This will apparently contain the asset number of the machine I need to
identify. It's IP address will not be contained in the browser header
since that is provided via the load sharing from a poll of IP addresses
managed by the VDI system rather than the physical IP address of the
machine.
I believe that I need the customer to run something on the desktop in
order to make the variable available via the browser. It can't be read
direct via javascript?
No, access to the registry is hopefully impossible via browser-side
JavaScript (otherwise that would be a security hole, IMHO).
The security hole in this particular case is NOT being able to identify
the location from which any suspicious activity is being attempted.
Currently they can't even say which building ...
Post by Christoph Becker
However, it might not be necessary to "run something" on the desktop; in
the simplest case an appropriate shortcut to "start" the web application
might suffice. If the value of the environment variable COMPUTERNAME
http://www.example.com/computername=%COMPUTERNAME%
See previous thread, but the information I was missing previously is
documented above. The publicly available computer name is a random VDI
desk number from the pool and unrelated to the physical client device.
Post by Christoph Becker
(See
<http://stackoverflow.com/questions/21315708/reading-environment-variables-with-javascript>.)
If you really need to send the value of a registry key, a small batch
script should do the trick.
Something is needed that can read the real location information and
allow the browser to access it. The whole point of switching to a
browser based system was that we did not need custom code on the client
machines :(
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Kevin Kinsey
2014-07-28 18:29:18 UTC
Permalink
Post by Lester Caine
Something is needed that can read the real location information and
allow the browser to access it. The whole point of switching to a
browser based system was that we did not need custom code on the client
machines :(
--
Lester Caine - G8HFL
Until now, apparently. ;-)

Kevin Kinsey

PS > I suppose I'm late in on this. Java applet, maybe? But it
has to be "approved" by the end user.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Lester Caine
2014-07-28 18:52:21 UTC
Permalink
Post by Kevin Kinsey
Post by Lester Caine
Something is needed that can read the real location information and
allow the browser to access it. The whole point of switching to a
browser based system was that we did not need custom code on the client
machines :(
Until now, apparently. ;-)
Kevin Kinsey
PS > I suppose I'm late in on this. Java applet, maybe? But it
has to be "approved" by the end user.
That is what I've reached so far. Option one is for them to select the
location manually from a drop down list of 62 but having now learnt the
right questions to ask, and established that the virtual desktop DOES
have the information on it's physical location, the next question is
just how to get at it ...
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Andrew Ballard
2014-07-28 19:01:02 UTC
Permalink
Post by Lester Caine
Post by Kevin Kinsey
Post by Lester Caine
Something is needed that can read the real location information and
allow the browser to access it. The whole point of switching to a
browser based system was that we did not need custom code on the client
machines :(
Until now, apparently. ;-)
Kevin Kinsey
PS > I suppose I'm late in on this. Java applet, maybe? But it
has to be "approved" by the end user.
That is what I've reached so far. Option one is for them to select the
location manually from a drop down list of 62 but having now learnt the
right questions to ask, and established that the virtual desktop DOES
have the information on it's physical location, the next question is
just how to get at it ...
Short of a browser plug-in, Java applet, ActiveX control, etc., you
won't. That information is protected from the web browser for good
reasons. I don't know how your view environment is configured, but
even the idea of a batch file or custom shortcut may not work since
the users may not even have to be in your facility. In ours, they can
be practically anywhere in the world.

Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Lester Caine
2014-07-28 21:59:09 UTC
Permalink
Post by Andrew Ballard
Post by Lester Caine
Post by Kevin Kinsey
Post by Lester Caine
Something is needed that can read the real location information and
allow the browser to access it. The whole point of switching to a
browser based system was that we did not need custom code on the client
machines :(
Until now, apparently. ;-)
Kevin Kinsey
PS > I suppose I'm late in on this. Java applet, maybe? But it
has to be "approved" by the end user.
That is what I've reached so far. Option one is for them to select the
location manually from a drop down list of 62 but having now learnt the
right questions to ask, and established that the virtual desktop DOES
have the information on it's physical location, the next question is
just how to get at it ...
Short of a browser plug-in, Java applet, ActiveX control, etc., you
won't. That information is protected from the web browser for good
reasons. I don't know how your view environment is configured, but
even the idea of a batch file or custom shortcut may not work since
the users may not even have to be in your facility. In ours, they can
be practically anywhere in the world.
The machines that need to identify their locations are in the same
office as the announcement and display system that calls to the
identified counters along with the web server so we have full control of
the physical kit.

I've spent a few hours reading up on VMWare, and the one thing that
seems to be missing from every discussion on security and forensics is
ANY reference to the physical location of a client. There seems to be an
assumption that as long as physical security devices are used to access
the system, that is sufficient, but is that really well placed, or just
sticking head in and. If someone wants to hack a system they will obtain
the means just like stealing car keys to pinch the car. The idea that
because a client device only displays video images, so the data is
inherently safe seems to miss the whole aspect of video recording?

All *I* want to do is identify which Reception Desk or Interview Room a
user is located at without having to rely on their selecting the right
one from a list of perhaps 60 ... One does wonder at times if people
even think things through at all?
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Andrew Ballard
2014-07-29 03:33:54 UTC
Permalink
Post by Lester Caine
The machines that need to identify their locations are in the same
office as the announcement and display system that calls to the
identified counters along with the web server so we have full control of
the physical kit.
I've spent a few hours reading up on VMWare, and the one thing that
seems to be missing from every discussion on security and forensics is
ANY reference to the physical location of a client. There seems to be an
assumption that as long as physical security devices are used to access
the system, that is sufficient, but is that really well placed, or just
sticking head in and. If someone wants to hack a system they will obtain
the means just like stealing car keys to pinch the car. The idea that
because a client device only displays video images, so the data is
inherently safe seems to miss the whole aspect of video recording?
All *I* want to do is identify which Reception Desk or Interview Room a
user is located at without having to rely on their selecting the right
one from a list of perhaps 60 ... One does wonder at times if people
even think things through at all?
Yeah, that's not really part of the VMware idea as far as I've seen. I
have a persistent desktop, and the beauty for me is I can start
working on the computer in my office, close the window and pull it up
on a computer in a lab down the hall, walk to another building and
pull it up on my laptop, etc. and continue working. For that matter, I
could even pull it up on my phone if I'm glutton for the punishment of
working on a small screen. Some of our users get non-persistent
desktops where they get a fresh machine every time they log in.

Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Lester Caine
2014-07-29 06:05:14 UTC
Permalink
Post by Andrew Ballard
Post by Lester Caine
All *I* want to do is identify which Reception Desk or Interview Room a
Post by Lester Caine
user is located at without having to rely on their selecting the right
one from a list of perhaps 60 ... One does wonder at times if people
even think things through at all?
Yeah, that's not really part of the VMware idea as far as I've seen. I
have a persistent desktop, and the beauty for me is I can start
working on the computer in my office, close the window and pull it up
on a computer in a lab down the hall, walk to another building and
pull it up on my laptop, etc. and continue working. For that matter, I
could even pull it up on my phone if I'm glutton for the punishment of
working on a small screen. Some of our users get non-persistent
desktops where they get a fresh machine every time they log in.
The persistent desktop does not have anything to do with simply
providing key data. If it was on an Android device we would be hassled
all the time to switch the GPS back on :) That the system is hamstrung
by the a bad choice in desktop OS which does not allow critical element
by default is the main problem, but for most of the desktops I'm working
with, the thin client machines only needs to have a good stable browser
and everything else runs on PHP. Your phone gets a view more suited to
the small screen, and you can log in from anywhere. The latest problem
on site is that after a recent update all machines are
'WIN7ENTX86V4.xxx' so you can't even distinguish two adjacent desks :( I
get the principle, its the implementation that seems to be badly
implemented.
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Loading...