Security Feature Suggestion: "Delete Password" on exit?
cbeerse "at" lycos.nl
Thu Aug 26 08:55:01 2004
Alex K. Angelopoulos wrote:
> I've been looking at VNC in remote assistance roles recently, and it has
> occurred to me that for that specific role, it might be helpful if VNC
> could be set to either delete the registry keys for passwords on exit or
> to never save the password at all.
> I find myself taken with the idea, but I can also see how this could be
> a pain in the rear for a standard install even if done carefully - if
> it's possible to wade through the issues of multiple keys where the
> password may be specified, it could still be very confusing to people if
> this "setting" were configured and they weren't aware of it.
> Any general reactions to the idea, though?
afaik, VNC installs 2 registry hives: one for the current user and one for the
system. Both have a password entry. As long as no-one is logged-in, the
system-hive and hence the password in there rules. ONce the user is logged-in,
the users hive prevails and its password works.
My idea with this is that you can do one of the next:
1: fill the password in the system-hive with some text (like 'no-password') and
no-one will be able to vnc as long as no-one is logged in.
2: fill the password in the user-hive with some text (like 'no-password') and
no-one will be able to vnc as long as that user is logged in.
3: Remove the password in the system-hive will remove the password question and
give direct access. (removing the password on the user level is no security at
With only 1:, you roughly have what you want if the user is logged-out at the
I might be off at some point, like if the user has no password, it can fall-back
to the system-password. Try and test with this and off you go.
NOte: VNC 4 has different security than vnc 3. My knowledge is based on vnc3
(and might be off at some points too).