question about Ticket generated by proxmox api

[newtestisme]

Hello

iam asking about proxmox ticket generated using proxmox api ( php ) - iam passing this ticket to clients using java web console

is there any risk for passing this ticket to clients ? - example this ticket vaild only for vnc or all functions like delete - reboot etc

and is this ticket vaild for 1vm or all vms can be affected by this ticket if its known by other one


thanks

 

[dietmar]

iam asking about proxmox ticket generated using proxmox api ( php ) - iam passing this ticket to clients using java web console

What ticket do you talk about exactly (API call/result property name)?

 

[newtestisme]

Hello
thanks for replying

iam speaking about vncproxy

$response = $pve2->post("/nodes/$nodename/qemu/$node/vncproxy",$parameters);


it should get ticket password to access to vnc - iam using web java console and iam passing it to my clients

i just want ask the ticket password of accessing vnc has any risk to be known by client and cant it affect other clients or send any other commands like reboot etc or its just for vnc access only


thanks

 

[dietmar]

i just want ask the ticket password of accessing vnc has any risk to be known by client and cant it affect other clients or send any other commands like reboot etc or its just for vnc access only

It is still unclear what ticket you talk about? The value returned by "/nodes/$nodename/qemu/$node/vncproxy" is only used to allow vnc access for the specified VM, so you can safely pass that to the client.