I did. I can honestly state that I actually read the docs before posting. Notice that "ConnectPriority" states:
By default, all WinVNC servers will disconnect any existing connections when an incoming, non-shared connection is authenticated. This behaviour is undesirable when the server machine is being used as a shared workstation by several users or when remoting a single display to multiple clients for vewing, as in a classroom situation. ConnectPriority indicates what WinVNC should do when a non-shared connection is received: 0 = Disconnect all existing connections. 1 = Don't disconnect any existing connections. 2 = Refuse the new connection. Note the "non-shared" throughout. Non-shared is fine and works fine and is rejected properly and doesn't kick the first user. The problem is that if the second user asked for a shared connection, it's accepted - even if the first client did not say that they wanted a shared connection (default on the java/web client is non-shared). Now you see the security issue. A second user can ALWAYS join a connection and see the screen (in fact, they can help type or move the mouse) even if the first user requested a non-shared session. The Xvnc --nevershared option looks like what I need as it states that it instructs the server to never accept a request for shared sessions. Any more thoughts? This isn't intended as a challenge/quiz/test - I really would like to know if there's an answer. Note, locking by IP does not work in this case as most clients will be dial up, non-static IP. Rob -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Ossmann Sent: Tuesday, March 05, 2002 11:20 AM To: [EMAIL PROTECTED] Subject: Re: WinVNC & -nevershared On Mon, Mar 04, 2002 at 06:59:11PM -0700, Rob Kenyon wrote: > As my message stated, ConnectPriorty works fine, but it doesn't > prevent a second user from requesting a shared session, connecting and > seeing the first user's screen. Yes, but did you actually try setting it to 2, not 1? -- Mike Ossmann, Tarantella/UNIX Engineer/Instructor Alternative Technology, Inc. http://www.alttech.com/ --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html --------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
