Security...

[David le Blanc]

I've notices that when you EXCEED four bad passwords, you cannot connect
(connection failures) for a short (and possibly increasing) time.

Need more than 3 or 4 bad tries though..


-----Original Message-----
From: vnc-list-admin "at" realvnc.com [mailto:vnc-list-admin "at" realvnc.com] On
Behalf Of Alex K. Angelopoulos
Sent: Monday, 3 June 2002 3:49 PM
To: vnc-list "at" realvnc.com
Subject: Re: Security...


Speaking of this, I thought there was an increasing timeout implemented
in the server for successive bad password attempts? I just tried
checking this in real time and found that there was no noticeable delay
when I tried about 4 successive "bad" passwords against a Windows
TightVNC 1.23 server.

----- Original Message -----
From: "Dave Warren" <maillist "at" devilsplayground.net>
To: <vnc-list "at" realvnc.com>
Sent: Sunday, 2002-06-02 23:52
Subject: Re: Security...


> Shing-Fat Fred Ma wrote:
> > In this situation, it would be very desirable
> > to have the server act unfriendly towards
> > password failures, thereby making it less
> > necessary to use -localhost, thereby
> > making it unnecessary to use ssh to connect.
>
> Another option, set up a secure interface to a software firewall (Or 
> hardware firewall, if you can afford it), browser based SSL, and use 
> that to unlock VNC as needed.
>
> The VNC session itself is still unencrypted, but at least it's access 
> secured.
>
>
> --
> The nice thing about standards, there is enough for everyone to have 
> their
own.
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com http://www.realvnc.com/mailman/listinfo/vnc-list
_______________________________________________
VNC-List mailing list
VNC-List "at" realvnc.com http://www.realvnc.com/mailman/listinfo/vnc-list