Yep. I can confirm.
Registry setting ConnectPriority 2 on the server. Client A connects. Client B attempts to connect, and has the connection instantly closed. Client B then attempts to connect AGAIN, specifying the /shared switch - and successfully connects, making it a shared session. ----- Original Message ----- From: "Rob Kenyon" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday/2002 March 05 20.21 Subject: RE: WinVNC & -nevershared : I did. : : I can honestly state that I actually read the docs before posting. : Notice that "ConnectPriority" states: : : By default, all WinVNC servers will disconnect any existing connections : when an incoming, non-shared connection is authenticated. This : behaviour is undesirable when the server machine is being used as a : shared workstation by several users or when remoting a single display to : multiple clients for vewing, as in a classroom situation. : : ConnectPriority indicates what WinVNC should do when a non-shared : connection is received: : 0 = Disconnect all existing connections. : 1 = Don't disconnect any existing connections. : 2 = Refuse the new connection. : : Note the "non-shared" throughout. Non-shared is fine and works fine : and is rejected properly and doesn't kick the first user. The problem : is that if the second user asked for a shared connection, it's accepted : - even if the first client did not say that they wanted a shared : connection (default on the java/web client is non-shared). : : Now you see the security issue. A second user can ALWAYS join a : connection and see the screen (in fact, they can help type or move the : mouse) even if the first user requested a non-shared session. : : The Xvnc --nevershared option looks like what I need as it states that : it instructs the server to never accept a request for shared sessions. : : Any more thoughts? : : This isn't intended as a challenge/quiz/test - I really would like to : know if there's an answer. : : Note, locking by IP does not work in this case as most clients will be : dial up, non-static IP. : : Rob : : -----Original Message----- : From: [EMAIL PROTECTED] : [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Ossmann : Sent: Tuesday, March 05, 2002 11:20 AM : To: [EMAIL PROTECTED] : Subject: Re: WinVNC & -nevershared : : : On Mon, Mar 04, 2002 at 06:59:11PM -0700, Rob Kenyon wrote: : > As my message stated, ConnectPriorty works fine, but it doesn't : > prevent a second user from requesting a shared session, connecting and : : > seeing the first user's screen. : : Yes, but did you actually try setting it to 2, not 1? : : -- : Mike Ossmann, Tarantella/UNIX Engineer/Instructor : Alternative Technology, Inc. http://www.alttech.com/ : --------------------------------------------------------------------- : To unsubscribe, mail [EMAIL PROTECTED] with the line: : 'unsubscribe vnc-list' in the message BODY See also: : http://www.uk.research.att.com/vnc/intouch.html : --------------------------------------------------------------------- : --------------------------------------------------------------------- : To unsubscribe, mail [EMAIL PROTECTED] with the line: : 'unsubscribe vnc-list' in the message BODY : See also: http://www.uk.research.att.com/vnc/intouch.html : --------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
