Sat Feb 15 10:39:00 2003
On Fri, Feb 14, 2003 at 03:32:09PM -0600, Mike Miller wrote:
> On Fri, 14 Feb 2003, Cliff Sarginson wrote:
> > I am going to chirp in here again.
> > All this talk about incorporating code into vnc.
> > What is wrong with attempting to tunnel it through ssh ?
> > This is done in other contexts.
> I do that. But can I get other users to do it? I don't think so. It's
> too much hassle. I don't know of a way to allow access to VNC only
> through a tunnel. Is it possible to impose that on users? If so, please
> tell me what I have to do (in Xvnc/unix context).
I am thinking about it. I will have a look when I get some time. It is
not a problem for me, because of restrictions I place on my network
access..but I am curious.
> > Or perhaps link into some well defined secure library through an API,
> > surely no-one is seriously suggesting ripping hunks of code from one
> > secure product and planting that code in place into another product. Now
> > security issues that come up in the original code have to be fixed again
> > in the hijacked code.
> > This is not sound software engineering.
> If you "rip hunks of code" from a product, that might save you a lot of
> time. What makes you think that writing it from scratch will help you to
> avoid security issues?
You are misunderstanding me. I am not suggesting writing it from
scratch, I am saying that it is a serious maintenance problem to lift
code out of exisiting products, that when the inevitable bugs are found
in that product, they will have to be repaired in Xvnc as well. By using
either an existing tool like ssh, or a library with a well defined API,
you are using stuff that will be maintained at probably no more cost
than a recompilation when that stuff breaks or is improved, or changes
it's algorithms etc.
I am suggesting to use existing tools as tools, as they are.
> It seems to me that established, well-tested code
> would have fewer problems than something new.
I don't disagree at all.
> VNC-List mailing list
[ This mail has been checked as virus-free ]