vnc and security (and efficiency)

Ivan Popov pin "at" math.chalmers.se
Wed, 04 Mar 1998 16:12:00 +0000


Just an idea. I do not volunteer to make anything :)
Skip the rest if you want to.

Challenge authentication protocol sounds good.
Ssh may provide additional security by encrypting all conversations.

What I would like to see is a capability to run vnc server so that it
accepts _local_ connections only, preferably unix sockets when it concerns
a unix server.

If you use ssh you don't want any remote connections anyway.
Why listen on tcp and expose yourself to additional attack scenarios?
This sounds as a proposal for ssh modification, too - to make
local-socket-to-local-socket forwarding...

Bonus - local (non-tcp) sockets may be more efficient.
Doesn't seem to be hard to implement. Or?

Regards,
--
Ivan Popov <pin "at" math.chalmers.se>
Systemman, Driftavdelningen, Matematiska institutionen, Chalmers TH