VNC and SSL

listbox_8811@hotmail.com listbox_8811@hotmail.com
Wed Jul 30 17:09:00 2003


----- Original Message ----- 
From: "Beerse, Corni" <c.beerse@torex-hiscom.nl>
To: "'Dominik Stok?osa'" <osa@man.poznan.pl>; <vnc-list@realvnc.com>;
<listbox_8811@hotmail.com>
Sent: Tuesday, July 29, 2003 4:29 AM
Subject: RE: VNC and SSL
[snip]
> If you need to use ssl, then security is required.
> If  security is required, then you should not use the java viewer. Having
> the java viewer active is kind of like having the ladder out at night. Its
> like giving the hackers the tool they need.
>
> If you need access over a public network, use the binary viewer for your
> desktop.

Why again is the JavaViewer more insecure than the native client? After all,
it's just a jar file that connects to the same exact port as the native
client. Perhaps having the webserver would be a risk, but you could have
apache serve the applets (as long as it appears to be on the same machine).

Rach