VNC Security Alert

Ivan Popov pin "at" math.chalmers.se
Wed, 01 Jul 1998 13:35:44 +0000


On Tue, 30 Jun 1998, Quentin Stafford-Fraser wrote:

> Maybe we should make the clipboard functionality optional for those
> particularly concerned about security.  It is a matter for personal

Yes!

> preference, I think - I would find a clipboard which worked some of the time
> and not others rather frustrating, but I can see that others might have
> different priorities.
> 
> As you say, the ideal would be to wrap the whole connection in compression +
> encryption; if using SSH is an option for you I would recommend that for
> now.

That is not sufficient, if one is working with several VNC servers at once
and does not trust some of them. It is e.g. our situation, where sysadm
has to log in on possibly corrupted computers, while eventually having
sensitive data in other windows... :-/

That is, consider not only net eavesdropping, but also compromised
servers.

Yours,
--
Ivan Popov <pin "at" math.chalmers.se>
Systemman, Driftavdelningen, Matematiska institutionen, Chalmers TH


---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------