New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secure VRAConnect #227
Comments
could you detail out the issue please? |
Sure, when you Connect-VraServer, you can simply type $Global:VraConnection and see both tokens required for accessing VRA. It would certainly be possible for someone to walk up , get those tokens then start doing work AS YOU. Attack surface area is pretty low, but it's simple to fix so why not? I can submit a PR if you'd like? |
Thanks for clarifying the issue. Would it be possible for you to submit a PR? |
Thanks for this! I didn't realise until today that “script scope in a module is module scope” otherwise we would have done this from the beginning :-) |
Right?! As soon as I read about it I switched all my modules to use that! |
Steps to reproduce
$Global:vraconnection
Server : https://server.domain.local Token : <token> RefreshToken : <refreshtoken> APIVersion : 2019-01-15 SignedCertificates : False SslProtocol : Default
Expected behavior
$Global:vraconnection
Also: $Script:vraconnection
The text was updated successfully, but these errors were encountered: