On 29 December 2014 at 19:09, Attila-Mihaly Balazs <dify....@gmail.com> wrote: > My suggestion for improvement would be: > - change the behaviour of "-vnc :port" such that it listens on "127.0.0.1" > when the IP isn't specified > - if host is "0.0.0.0" (perhaps also include any routable IPv4 addresses - > and non-link-local IPv6 addresses) and no authentication method is specified > error out with a message like "It is recommended that you DO NOT expose the > VNC server directly to the public internet. If you are sure of what you are > doing, please specify an authentication method for the VNC server. See the > documentation for more details"
Seems reasonable to me. Some questions: * do we need an option for "yes, I know what I'm doing and do not want any authentication" ? * how many of these VMs are configured for wide-open VNC by libvirt or similar management tool rather than by the user directly running QEMU? thanks -- PMM
