Second client attatching

Wallendahl, Michael/SEA mwallend "at" ch2m.com
Fri, 08 Jun 2001 19:57:28 +0000


Two comments:

1) If you have a good VNC password selected, then the second person should
not be able to "bump" off the first person because they won't know the
password.

2) If having a weak password is necessary, then you can set some VNC
registry keys to prompt before allowing connections.  You'd have to set the
key after you connect yourself, else there would be no one to "accept" your
connection on the server screen.  Alternatively, if you always connect from
the same IP address, you could set VNC to only accept connections from that
address, effectively blocking others.

Neither one of the above suggestions will work if the person bumping you off
has administrative rights to the server.  If someone has admin rights they
can easily modify the VNC registry keys remotely and undo any settings that
you make yourself.

HTH,
-Mike

-----Original Message-----
From: Peter Goodridge [mailto:petegdr "at" yahoo.com]
Sent: Friday, June 08, 2001 10:42 AM
To: vnc list
Subject: Second client attatching


Hi,

We have a problem with one of our vnc servers running
on windows 95.  Win VNC 3.3.3 R9

If someone is using the server when soneone else tries
to connect the first person is bumped off, and the
second person takes over the existing session.  Is
there anyway to set it so the second person will get
rejected?

At best this is anoying, at worst it's a kinda big
security flaw.

THX,
Pete Goodridge

__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------