WinVNC & -nevershared

Alex Angelopoulos alex "at" bittnet.com
Wed, 06 Mar 2002 03:18:58 +0000


I did another run, attempting a /noshared switch on Client A, setting loglevel
to 11.

Client B can still connect by specifying /shared. A's client log shows no
traces of anything - not even any bobbles that could be used as a *clue* that
another session was attempted.

----- Original Message -----
From: "Rob Kenyon" <robdkenyon "at" attbi.com>
To: <vnc-list "at" uk.research.att.com>
Sent: Tuesday/2002 March 05 20.21
Subject: RE: WinVNC & -nevershared


: I did.
:
: I can honestly state that I actually read the docs before posting.
: Notice that "ConnectPriority" states:
:
: By default, all WinVNC servers will disconnect any existing connections
: when an incoming, non-shared connection is authenticated.  This
: behaviour is undesirable when the server machine is being used as a
: shared workstation by several users or when remoting a single display to
: multiple clients for viewing, as in a classroom situation.
:
: ConnectPriority indicates what WinVNC should do when a non-shared
: connection is received:
: 0 = Disconnect all existing connections.
: 1 = Don't disconnect any existing connections.
: 2 = Refuse the new connection.
:
: Note the "non-shared" throughout.   Non-shared is fine and works fine
: and is rejected properly and doesn't kick the first user.  The problem
: is that if the second user asked for a shared connection, it's accepted
: - even if the first client did not say that they wanted a shared
: connection (default on the java/web client is non-shared).
:
: Now you see the security issue.  A second user can ALWAYS join a
: connection and see the screen (in fact, they can help type or move the
: mouse) even if the first user requested a non-shared session.
:
: The Xvnc --nevershared option looks like what I need as it states that
: it instructs the server to never accept a request for shared sessions.
:
: Any more thoughts?
:
: This isn't intended as a challenge/quiz/test - I really would like to
: know if there's an answer.
:
: Note, locking by IP does not work in this case as most clients will be
: dial up, non-static IP.
:
: Rob
:
: -----Original Message-----
: From: owner-vnc-list "at" uk.research.att.com
: [mailto:owner-vnc-list "at" uk.research.att.com] On Behalf Of Michael Ossmann
: Sent: Tuesday, March 05, 2002 11:20 AM
: To: vnc-list "at" uk.research.att.com
: Subject: Re: WinVNC & -nevershared
:
:
: On Mon, Mar 04, 2002 at 06:59:11PM -0700, Rob Kenyon wrote:
: > As my message stated, ConnectPriority works fine, but it doesn't
: > prevent a second user from requesting a shared session, connecting and
: > seeing the first user's screen.
:
: Yes, but did you actually try setting it to 2, not 1?
:
: --
: Mike Ossmann, Tarantella/UNIX Engineer/Instructor
: Alternative Technology, Inc.  http://www.alttech.com/
: ---------------------------------------------------------------------
: To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
: 'unsubscribe vnc-list' in the message BODY See also:
: http://www.uk.research.att.com/vnc/intouch.html
: ---------------------------------------------------------------------
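
A small model of the admission logic discussed in this thread, added here as an illustration; it is not WinVNC or Xvnc source and is not from any of the posters. The function names, the session ids and the `never_shared` switch are assumptions, and the switch models the Xvnc option only as the thread describes it.

```python
from enum import IntEnum

class ConnectPriority(IntEnum):
    DISCONNECT_EXISTING = 0   # "Disconnect all existing connections."
    KEEP_EXISTING = 1         # "Don't disconnect any existing connections."
    REFUSE_NEW = 2            # "Refuse the new connection."

def shared_flag(client_init: bytes) -> bool:
    """RFB ClientInit is a single byte; non-zero asks for a shared session."""
    if len(client_init) != 1:
        raise ValueError("ClientInit must be exactly one byte")
    return client_init[0] != 0

def admit(existing, client_init, priority, never_shared=False):
    """Return (accepted, sessions_to_drop) for a newly authenticated client.

    existing     -- ids of sessions already connected
    never_shared -- hypothetical switch: treat every request as non-shared
    """
    wants_shared = shared_flag(client_init) and not never_shared
    if not existing or wants_shared:
        # Behaviour reported in the thread: ConnectPriority is not consulted
        # for a shared request, so the newcomer joins whatever the first
        # client asked for.
        return True, []
    if priority == ConnectPriority.DISCONNECT_EXISTING:
        return True, list(existing)
    if priority == ConnectPriority.KEEP_EXISTING:
        return True, []
    return False, []

# Constructed scenario: client A is connected non-shared, client B arrives.
SHARED, NON_SHARED = b"\x01", b"\x00"

def demo():
    a = ["client-A"]
    refuse = ConnectPriority.REFUSE_NEW
    return {
        "B non-shared, priority 2": admit(a, NON_SHARED, refuse),
        "B shared, priority 2": admit(a, SHARED, refuse),
        "B shared, priority 2, never_shared": admit(a, SHARED, refuse, True),
    }

if __name__ == "__main__":
    for case, (accepted, dropped) in demo().items():
        print(f"{case}: accepted={accepted} dropped={dropped}")
```

With `never_shared` set and ConnectPriority left at 0, the same model drops client A when B connects, so the two settings have to be chosen together.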