WinVNC & -nevershared

Alex Angelopoulos alex "at"
Wed, 06 Mar 2002 03:18:58 +0000

I did another run, attempting a /noshared switch on Client A, setting loglevel
to 11.

Client B can still connect by specifying /shared. A's client log shows no
traces of anything - not even any bobbles that could be used as a *clue* that
another session was attempted.

----- Original Message -----
From: "Rob Kenyon" <robdkenyon "at">
To: <vnc-list "at">
Sent: Tuesday/2002 March 05 20.21
Subject: RE: WinVNC & -nevershared

: I did.
: I can honestly state that I actually read the docs before posting.
: Notice that "ConnectPriority" states:
: By default, all WinVNC servers will disconnect any existing connections
: when an incoming, non-shared connection is authenticated.  This
: behaviour is undesirable when the server machine is being used as a
: shared workstation by several users or when remoting a single display to
: multiple clients for vewing, as in a classroom situation.
: ConnectPriority indicates what WinVNC should do when a non-shared
: connection is received:
: 0 = Disconnect all existing connections.
: 1 = Don't disconnect any existing connections.
: 2 = Refuse the new connection.
: Note the "non-shared" throughout.   Non-shared is fine and works fine
: and is rejected properly and doesn't kick the first user.  The problem
: is that if the second user asked for a shared connection, it's accepted
: - even if the first client did not say that they wanted a shared
: connection (default on the java/web client is non-shared).
: Now you see the security issue.  A second user can ALWAYS join a
: connection and see the screen (in fact, they can help type or move the
: mouse) even if the first user requested a non-shared session.
: The Xvnc --nevershared option looks like what I need as it states that
: it instructs the server to never accept a request for shared sessions.
: Any more thoughts?
: This isn't intended as a challenge/quiz/test - I really would like to
: know if there's an answer.
: Note, locking by IP does not work in this case as most clients will be
: dial up, non-static IP.
: Rob
: -----Original Message-----
: From: owner-vnc-list "at"
: [mailto:owner-vnc-list "at"] On Behalf Of Michael Ossmann
: Sent: Tuesday, March 05, 2002 11:20 AM
: To: vnc-list "at"
: Subject: Re: WinVNC & -nevershared
: On Mon, Mar 04, 2002 at 06:59:11PM -0700, Rob Kenyon wrote:
: > As my message stated, ConnectPriorty works fine, but it doesn't
: > prevent a second user from requesting a shared session, connecting and
: > seeing the first user's screen.
: Yes, but did you actually try setting it to 2, not 1?
: --
: Mike Ossmann, Tarantella/UNIX Engineer/Instructor
: Alternative Technology, Inc.
: ---------------------------------------------------------------------
: To unsubscribe, mail majordomo "at" with the line:
: 'unsubscribe vnc-list' in the message BODY See also:
: ---------------------------------------------------------------------
: ---------------------------------------------------------------------
: To unsubscribe, mail majordomo "at" with the line:
: 'unsubscribe vnc-list' in the message BODY
: See also:
: ---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" with the line:
'unsubscribe vnc-list' in the message BODY
See also: