>> Unfortunately, VNC does not really support any kind of (enforced)
>> seperation of these two kinds of users. The underlying issue, from a
>> security standpoint, is that VNC doesn't differentiate between
>> authentication and authorization: if you authenticate at all, you're
>> authorized (as far as VNC is concerned) to do whatever you want on the
>> server. From a security standpoint, it'd be useful to see
>> segmentation between the "view" mode and the "modify" mode (where your
>> input is actually processed by the server).
>
>Warren Toomey did this for Xvnc back in October 1999. Search the archives
>for "dopasswd" (that's short for "display only password"). I'm not sure
>that this was ever done for WinVNC, though.
FWIW, I've begun to hack in support for this in the Mac server. It's not
nearly finished yet, but when it is, it should also support longer
passwords (which is something else people have been complaining about).
The latter support, however, also requires co-operation in the protocol and
in the client. I want to improve entropy-gathering for the random number
generator, too.
--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: [EMAIL PROTECTED] (not for attachments)
big-mail: [EMAIL PROTECTED]
uni-mail: [EMAIL PROTECTED]
The key to knowledge is not to rely on people to teach you it.
Get VNC Server for Macintosh from http://www.chromatix.uklinux.net/vnc/
-----BEGIN GEEK CODE BLOCK-----
Version 3.12
GCS$/E/S dpu(!) s:- a20 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS
PE- Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r++ y+(*)
-----END GEEK CODE BLOCK-----
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
