Suggestion: Freeze scrollback for locked session(s) + dark/ current text.

[tMH]

Hello everyone!

I want to ask developers to make 'lock session' function more secure:

Stop unauthorized user to scroll back all the text that went up in scroll buffer.

More over, with this backscroll freezing feature it will be nice to blackout current window so nothing can be seen/read in present non-scrolled text.

Might be instead of turning window to dark user will be able to chose custom text or even - (EVIL! picture telling to console intruder that she/he can suck the crab instead of touching SecureCRT session(s)
Or, another one, instead of dark session screen it will be somewhat blurred - as we all know in graphic editors - broken glass, bath glass, out of focus etc

-t

[bgagnon]

Hello tMH,

Suck crab, huh? Interesting.

I have added this thread to a feature request in our product enhancement database that I think pretty much encompasses all the desired functionality.

The feature request is for a method to further protect configuration or application. Should a future release of SecureCRT include this feature, notification will be posted here.

If you prefer direct e-mail notification, contact support@vandyke.com and include "Feature Request - Forum Thread #10660" in the subject line.

[tMH]

3 years has passed, this feature wasn't appeared in newest version of SecureCRt... Any news, ppl ? I insist - this IS very nice and security-friendly feature to block backscroll buffer to be seen while session is blocked from editing.

-t

[bgagnon]

Hi t,

The previously mentioned feature request has not been implemented yet.

Since it might not be as big an undertaking, I have also added this thread to a feature request in our product enhancement database to clear (hide) scrollback buffer automatically when sessions are locked. Should a future release of SecureCRT include this feature, notification will be posted here.

If you prefer direct email notification, contact support@vandyke.com and include "Feature Request - Forum Thread #10660" in the subject line.

[Maureen]

Quote:

Originally Posted by tMH

3 years has passed, this feature wasn't appeared in newest version of SecureCRt... Any news, ppl ? I insist - this IS very nice and security-friendly feature to block backscroll buffer to be seen while session is blocked from editing.

I wanted to follow up on this request. I'd like to get more information about how you would want this to be implemented. Would you want it to use the existing session locking mechanism or would you want to be able to lock the entire SecureCRT window?

Maureen

[tMH]

Quote:

Originally Posted by Maureen

I wanted to follow up on this request. I'd like to get more information about how you would want this to be implemented. Would you want it to use the existing session locking mechanism or would you want to be able to lock the entire SecureCRT window? Maureen

I think existing session locking mechanism could be updated. What user want to lock - one tab or all tabs, it should work like before with a minor changes.
Look here, this is example of "how I see what I want" - blocking all tabs:
http://i.piccy.info/i9/f36304ac70e36...ocused_800.jpg

All view blocking methods can be seen in graphical editors like Pixelate or Paint.NET - Blur,Distort, Unfocus, etc etc, just to make sure intruder will not be able to see WHAT is written in CURRENT window - nor - in backscroll. Sure backscroll itself should be locked from rolling up/down.

Of course, if you won't mess with graphics stuff (I understand, just thought graphic effects should be nice to view, then blank out current tab's window with clean dark screen and one string at center - *LOCKED* , or *LOCKED SESSION, ENTER PASSWORD TO UNLOCK*.
Here is example of this simplified lock:
http://i.piccy.info/i9/2bfb3c06a4ef7...locked_800.jpg


What do you think of it and tell, ppl?

-t

[Maureen]

Thanks for the reply and for creating the examples. I think it would actually be easier to implement locking things down at the application level rather than using the current locking mechanism. In other words, the entire SecureCRT window would be locked until the password/passcode was re-entered. This would also protect against sessions being connected, which the current locking mechanism doesn't do. Would this meet your needs?

Maureen

[tMH]

Quote:

Originally Posted by Maureen

I think it would actually be easier to implement locking things down at the application level rather than using the current locking mechanism. In other words, the entire SecureCRT window would be locked until the password/passcode was re-entered. This would also protect against sessions being connected, which the current locking mechanism doesn't do. Would this meet your needs? Maureen

Great ! Of course, if whole stuff will be locked - intruder will not know what hosts are listed in Connect window.
In other hand - can we combine both methods of locking , like - one is to use on locking by 'old' method and second - TOTAL LOCK?
Something like this..

-t

[habs]

Hello,

Any updates on possibly including this requested feature in SecureCRT? The ability to lock a session that would also prevent scrolling so that the buffer cannot be seen would be ideal in many security contexts.

Currently, I'm resorting to clearing my scrollback buffer before locking the session when leaving the machine unattended, which works, but then I lose all my buffer contents, and being able to refer back to the buffer contents after the session is unlocked can often be a valuable troubleshooting/diagnostic tool.

Thanks!

[jdev]

Quote:

Originally Posted by habs

Any updates on possibly including this requested feature in SecureCRT? The ability to lock a session that would also prevent scrolling so that the buffer cannot be seen would be ideal in many security contexts.

It is on the short list for consideration for the next release.

The first public beta is currently scheduled for later this year.

We will post something here should it become available.

--Jake

[Maureen]

The ability to hide the output for locked sessions has been added to a pre-beta version of SecureCRT. If you'd like to try it, please email me at Maureen.Jett@vandyke.com.

Maureen