> Unfortunately, VNC does not really support any kind of (enforced)
> seperation of these two kinds of users. The underlying issue, from a
> security standpoint, is that VNC doesn't differentiate between
> authentication and authorization: if you authenticate at all, you're
> authorized (as far as VNC is concerned) to do whatever you want on the
> server. From a security standpoint, it'd be useful to see
> segmentation between the "view" mode and the "modify" mode (where your
> input is actually processed by the server).
Warren Toomey did this for Xvnc back in October 1999. Search the archives
for "dopasswd" (that's short for "display only password"). I'm not sure
that this was ever done for WinVNC, though.
Dan Fulbright
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
