VNC Security Alert

[Quentin Stafford-Fraser]

Maybe we should make the clipboard functionality optional for those
particularly concerned about security.  It is a matter for personal
preference, I think - I would find a clipboard which worked some of the time
and not others rather frustrating, but I can see that others might have
different priorities.

As you say, the ideal would be to wrap the whole connection in compression +
encryption; if using SSH is an option for you I would recommend that for
now.

Quentin
----
Dr Quentin Stafford-Fraser
The Olivetti & Oracle Research Lab
http://www.orl.co.uk/~qsf


-----Original Message-----
From: James Mc Parlane <james "at" ebom.org>
To: vnc-list "at" orl.co.uk <vnc-list "at" orl.co.uk>
Date: 30 June 1998 13:08
Subject: VNC Security Alert


>I've spent the last few days writing tiny VNC server for Win32 and linux
and
>I noticed that a ClientCutTextMsg was sent to every VNC server I was
>connected to, every time I copied something into the clipboard on my local
>machine (Win32).
>
>Even if the VNC client was minimised.
>
>This means that if you have a VNC session open to a remote machine on the
>internet, then every time your clipboard changes, it will be sent out in
>plain text onto the net.
>
>It also means that if you copy a HUGE piece of text. (I tested it with a
web
>log file) it will waste bandwidth by uselessly transmitting it to the
>server.
>
>I wouldn't mind it it if the text was sent only if the window was active.
>
>Some basic encryption would be nice too.
>



---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------