On Mon, Feb 19, 2007 at 03:11:15AM +0100, Johannes Schindelin wrote: > Hi, > > On Sun, 18 Feb 2007, Anthony Liguori wrote: > > > Christopher Olsen wrote: > > > Sorry I'll attempt to use the preferred patching method in the future.. > > > > > > Secure vnc auth method the default built in method from > > > > > > > We can't take a password from a command line. Supporting VNC auth is > > super easy otherwise. I really think we need to have a config file > > before we can do VNC passwords. > > No, you should not do VNC passwords. The default VNC password exchange is > insecure and you should not lure users into believing in that false > security.
Sure it is insecure over an unencrypted network channel, but if you are tunnelling the VNC connection over SSH, or have restricted it to only bind to 127.0.0.1 then AFAIK it is just fine. So supporting VNC password auth would allow users on a shared machine to secure the console from other unprivileged users on the same box. Definitely useful over the current situation where there's no way to secure even the local-only case. For a serious general purpose authentication I'd like to see the TLS protocol extension for VNC (as implemented in VeNCrypt) supported allowing both secure auth & wire encryption. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| _______________________________________________ Qemu-devel mailing list Qemu-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/qemu-devel
