Also just checked that when a Fleet Desktop window opens, that token is active for an hour by default, but if you just copy that URL and browse it from some other device as well, you are able to see all the details.
That's kinda spooky, so if someone gets hold of the URL they can check out all the details.
Any way to fix this, please?
02/09/2023, 4:06 PM
I can see how that might feel a little spooky. That URL was intentionally made to be shareable, to make getting device information from an end user easier when troubleshooting (if, for instance, IT didn't have access to Fleet directly). One strategy I've seen used to lock things up a bit is to restrict access to the endpoint to internal networks.
02/09/2023, 4:07 PM
Restriction on the hosting side? Like in AWS, you mean?
Or is there an option on the Fleet side?
02/09/2023, 4:16 PM
Sorry, yes. In your load balancer or proxy server.
02/09/2023, 4:26 PM
Fleet also rotates this URL every hour for this purpose.
We have also seen folks put their SSO solution in front of this page.
02/09/2023, 4:58 PM
Alrighty, thanks. I think SSO can be a good option in front.