Secure VRAConnect #227
Comments
|
could you detail out the issue please? |
|
Sure, when you Connect-VraServer, you can simply type $Global:VraConnection and see both tokens required for accessing VRA. It would certainly be possible for someone to walk up , get those tokens then start doing work AS YOU. Attack surface area is pretty low, but it's simple to fix so why not? I can submit a PR if you'd like? |
|
Thanks for clarifying the issue. Would it be possible for you to submit a PR? |
|
Thanks for this! I didn't realise until today that “script scope in a module is module scope” otherwise we would have done this from the beginning :-) |
|
Right?! As soon as I read about it I switched all my modules to use that! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce
$Global:vraconnection
Server : https://server.domain.local Token : <token> RefreshToken : <refreshtoken> APIVersion : 2019-01-15 SignedCertificates : False SslProtocol : DefaultExpected behavior
$Global:vraconnection
Also: $Script:vraconnection
The text was updated successfully, but these errors were encountered: