On Wed, May 20, 1998 at 11:47:46AM +0300, Liran Zvibel wrote: > On Wed, 20 May 1998, Stephane Bortzmeyer wrote: > > Much more! It allows *any* user on the remote host to do *anything* on your > > machine, using only standard X programs (hint: xmodmap). > > > > The only real solution is to use ssh which is safer and much simpler (no > > longer a need to set DISPLAY). > > Well, the computer I'm using is an old SunOS server that my faculty uses, > I don't think that it has ssh installed (and they won't let me install > anything on the server). > The DISPLAY environment variable is local to my account, and I'll change > it when I'll be logging from home whis a dynamic IP, so it changes every > time I'm logging in. > > I think it is pretty safe, what do you think? do you have any suggestions?
It's reasonably safe, but it's "security by obscurity," if you like. You can also extract your xauth cookie with xauth extract <filename> $DISPLAY then transfer it (ftp, rcp, scp) to the local server, and run xauth merge <filename> ssh is much easier and even more secure, though, but like you not all the systems I use have it installed. Hamish -- Hamish Moffatt, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5 CCs of replies from mailing lists are welcome. http://hamish.home.ml.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
