Security Feature Suggestion: "Delete Password" on exit?
Alex K. Angelopoulos
aka "at" mvps.org
Thu Aug 26 09:19:00 2004
Hi, Corni - haven't seen you in ages!
Comments inline. Just to make it clear, I'm not proposing any of the items
below as "core" VNC changes - just possible strategies to explore with
Corni Beerse wrote:
> Alex K. Angelopoulos wrote:
>> ... it might be helpful if
>> VNC could be set to either delete the registry keys for passwords on
>> exit or to never save the password at all.
The note from Wez about commandline specification actually seems the best
way to go. It could fall afoul of Win9x commandline length limitations, but
a very simple UI to spawn VNC could validate that while hiding the console
from less ept users...
> afaik, VNC installs 2 registry hives: one for the current user and one
> for the system. Both have a password entry. As long as no-one is
> logged-in, the system-hive and hence the password in there rules. Once
> the user is logged-in, the user's hive prevails and its password works.
Yes. And if I remember correctly (it's been a while for service mode VNC for
me, and that was in the old 3.x days), it is more complicated if there's a
user logged on and no per-user password IIRC - the oddities of Windows
password databases when VNC encountered them produced a very complex
> My idea with this is that you can do one of the next:
> 1: fill the password in the system-hive with some text (like
> 'no-password') and no-one will be able to vnc as long as no-one is
> logged in.
With RealVNC 4, a helper applet could just nuke the key as well as the
> 3: Remove the password in the system-hive will remove the password
> question and give direct access. (removing the password on the user
> level is no security at all...)
As for your other remarks below, that matches what I seem to remember. I
just tested VNC4, and here's what I see.
It DOES appear that user mode insists on its own password - although it may
still read the one under HKU\.Default? - I need to check the source. But
running user mode even with a service password set, VNC server won't log you
> With only 1:, you roughly have what you want if the user is logged-out
> at the console.
> I might be off at some point, like if the user has no password, it can
> fall back to the system-password. Try and test with this and off you go.
> Note: VNC 4 has different security than vnc 3. My knowledge is based on
> vnc3 (and might be off at some points too).