Push vs Pull connections (Take II)

John Cavanaugh john-cavanaugh "at" cableone.net
Tue, 10 Nov 1998 06:35:21 +0000


On Mon, 09 Nov 1998, Alan Cox wrote:
>> 1. I want to share my display with someone outside my firewall via modem.
>>  I have a modem but my phone line does not allow incoming calls.
>> 
>> 2. I want to share my display with my home machine via the Internet 
>> Unfortunately my machine is behind a firewall and thus eliminates all inbound
>> traffic.  But I have the ability to socksify applications so my machine can
>> initiate calls outside the firewall to any port on any machine.
>
>If you run vnc out through a firewall and it's not over an encrypted
>session you are nuts. It's trivial to write a vnc sniffer (stateless graphics
>protocols have one great flaw 8))

I agree, running it without some type of encryption would be nuts...  

I think everyone has sort of gone off in the ditch because of the less than
ideal examples that I picked.  I tried to pick a simple example where everyone
would clearly understand it was a situation where a pull would not work, but in
the process it created a completely tangential security discussion.

Ok one more shot at an example where I think push would be much better than
pull...

You want to use VNC in a large scale fashion as a help desk support tool.  This
would involve installing it on everyone's machine (perhaps hundreds of
desktops).  In order to facilitate any help desk agent to be able to access
everyone's machine you would have to know the password for every machine & have
the VNC server running.

This is less than ideal in that you really don't want the help desk agents to
have unrestricted access to everyone's box.  You really only want them to have
access when there is a specific problem.  Granted you could configure the
clients such that the server has to be manually initiated each time, but that
really doesn't solve two remaining problems, the first is the fact that all the
help desk agents would need to know the password and the second is that there
is always the lingering case where people accidentally leave the server running
and then the machine is fair game to anyone that knows the password [I'm
guessing this is just about as bad as sharing the root password with a whole
admin team, but it is worse in the sense that it is harder to change the
password because you need to change it on *all* the client boxes]

If VNC had a push deliver method, when a user had a problem the help desk agent
could merely instruct them to push a copy of their display to machine xxx.  The
help desk agent could then accept the inbound connection [I'll leave open
whether or not there is a password on inbound connections], help the caller.
When completed, either party could terminate the shared display and there is no
[assuming the server's security settings are configured properly] lingering
security issue with having to kill the server etc.

Hopefully this is a better example of the virtues of having both a push and
pull oriented connection methodology.

Now with that having been said, are there any plans to have this type of
functionality in the public version?  I looked at the docs on the internal VNC
version and it does look like they have a similar feature, though I'm not sure
you need a CORBA model to support this feature.

--John Cavanaugh
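The following is an added illustration of the push model the post argues for, not code from the mailing-list thread or from the VNC project. It is a toy: the help-desk agent is the only side that opens a listening socket, the user's desktop connects outward and delivers its display, and when the session ends nothing is left listening on either side. The one-line header, the desktop name, the loopback address and the ephemeral port are all assumptions made for this example; real VNC speaks RFB, which is not implemented here.

```python
# Added example (not from the post or the VNC project): a toy model of a
# "push" display-sharing connection. Wire format and names are assumptions.
import socket
import threading

HEADER = b"DISPLAY-PUSH/1\n"   # assumed protocol marker, not an RFB message


def open_listener(host="127.0.0.1", port=0, timeout=5.0):
    """Help-desk agent side: bind a listening socket. port=0 lets the OS pick."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    srv.settimeout(timeout)
    return srv


def accept_pushed_display(srv, timeout=5.0):
    """Accept exactly one inbound session, validate the header, and return
    (desktop_name, framebuffer_bytes). The listener is closed as soon as the
    session is accepted, so the agent's port is not reachable afterwards."""
    try:
        conn, _peer = srv.accept()
    finally:
        srv.close()
    with conn:
        conn.settimeout(timeout)
        chunks = []
        while True:                      # read until the desktop closes its side
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks)
    if not raw.startswith(HEADER):
        raise ValueError("not a display push")
    name, _sep, framebuffer = raw[len(HEADER):].partition(b"\n")
    return name.decode("ascii"), framebuffer


def push_display(agent_host, agent_port, desktop_name, framebuffer, timeout=5.0):
    """Desktop side: connect *outward* to the agent (the only direction an
    outbound-only firewall or a no-incoming-calls modem line permits), send the
    display, close. No server socket is ever opened on the desktop, so there is
    no server left running for someone to forget, and no shared password to
    distribute to every agent."""
    with socket.create_connection((agent_host, agent_port), timeout=timeout) as s:
        s.sendall(HEADER + desktop_name.encode("ascii") + b"\n" + framebuffer)
        s.shutdown(socket.SHUT_WR)       # signal end of display to the agent


def run_push_session(desktop_name, framebuffer):
    """Drive both sides on loopback. Returns ((name, bytes), port) so a caller
    can confirm the agent's port is closed again once the session is over."""
    srv = open_listener()
    port = srv.getsockname()[1]
    result = {}

    def agent():
        result["session"] = accept_pushed_display(srv)

    t = threading.Thread(target=agent)
    t.start()                            # listener is already bound, so the
    push_display("127.0.0.1", port, desktop_name, framebuffer)  # connect cannot race it
    t.join()
    return result["session"], port


def port_is_closed(host, port):
    """True if nothing is listening on host:port (a refused connection)."""
    try:
        with socket.create_connection((host, port), timeout=1.0):
            return False
    except OSError:
        return True


if __name__ == "__main__":
    fb = bytes(range(256)) * 4           # constructed stand-in for framebuffer pixels
    (name, data), port = run_push_session("desk-17", fb)
    print(f"agent received {len(data)} bytes from {name}; "
          f"listener closed afterwards: {port_is_closed('127.0.0.1', port)}")
```

The contrast with the pull model is in what is absent: the desktop never calls `bind()`/`listen()`, so there is no always-on server and no password that every help-desk agent has to know; the agent's listener lives only for the duration of one accepted session. Whether the agent should authenticate inbound pushes is left open here, as it is in the post.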



---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------